A Framework Enables a Consistent Security Practice in an Extended Global Enterprise
- Without a framework, you have no basis for establishing controls in a consistent way across an extended enterprise.
- Having a maturity measurement makes it easier to determine where you are in relation to client requirements, and what you must invest to support a client’s service agreement.
“Without a framework, security operations become much more difficult, and in some cases, impractical.”
For a large facilities-management company with operations in 80 countries and over half a million employees, securing infrastructure is a daunting task. Without the right framework, it would not be possible to implement any kind of coherent security strategy across the enterprise. Ole Frandsen, group CISO and head of information security at ISS, has chosen the ISO 27000 family of frameworks as the standard for ISS’s security operations. “It is the most used framework in the industries we serve around the world,” says Frandsen. “In most cases, our clients use the same framework, which gives them assurance from both a business and security perspective.”