A Framework Can Align Security Objectives with Business Goals
- Implementing a framework forces you to make decisions about what your greatest risks are and what you need to protect most.
- Embedding security into business operations enables you to align security benefits with business benefits.
“The framework helps drive alignment between the business’ objectives and your security objectives. Ideally, they are one and the same.”
In Lee Bailey’s experience of having used security frameworks in businesses as varied as defense contracting and retail, one important value of implementing a security framework is growth in the maturity of a security practice. He says, “The framework allows you to go from asking, ‘Do we need this?’ to ‘How do we get there?’ and ultimately, ‘These are our controls and processes.’” That journey forces you to make decisions about what your greatest risks are and what you need to protect most. “It’s not always about putting the right framework in place,” Bailey says. “It’s about knowing what you’re responsible for and making sure everybody in the organization knows what they’re supposed to do.”