Establishing an effective Information Technology Security Policy Framework is critical in the development of a comprehensive security program . Additionally , there are many security frameworks that organizations commonly reference when developing their security programs . Review the security frameworks provided by NIST ( SP 800-53 ), ISO / IEC 27000 series , and COBIT . Assume that you have been hired as a consultant by a medium-sized insurance organization and have been asked to draft an IT Security Policy Framework .
You may create and / or assume all necessary assumptions needed for the completion of this assignment .
Write a three to five ( 3-5 ) page paper in which you :
Select a security framework , describe the framework selected , and design an IT Security Policy Framework for the organization .
Describe the importance of and method of establishing compliance of IT security controls with U . S . laws and regulations , and how organizations can align their policies and controls with the applicable regulations .
Analyze the business challenges within each of the seven ( 7 ) domains in developing an effective IT Security Policy Framework .