To Create Or Maintain A Secure Environment, Organization Must Design A Working Security Plan And Then Implement A Management Model To Execute And Maintain The Plan.
This May Begin With The Creation Or Validation Of A Security Framework, Followed By An Information Security Blueprint That Describes Existing Controls And Identifies Other Necessary Security Controls.
A Framework Is The Outline Of The More Thorough Blueprint, Which Is The Basis For The Design, Selection, And Implementation Of All Subsequent Security Controls.