Summary
In this chapter, we discussed several important topics.. Establishing this framework first will drive the policies, standards, and procedures for the organization. When first creating your framework, ensure that it also aligns with business objectives and best practices. This does not necessarily mean that you must get it right the first time; however, if it is not well thought out initially, it could mean additional re-work later. Policies and standards are truly meant to back up all the hard work that you and your team perform daily. Policy documents are also needed to pass an audit as they state what your intent is for having the technology, and how you intend to configure and use it.
Policies are high-level documents meant to be consumed by the public without the need for an NDA. This is an important distinction between a policy and the other documents. Standards and procedures are meant to be mid- to low-level documents that state how a control is being implemented...
