IT Examiner School - Oct 2025
Internal Use Only
Information Security Principles: Frameworks
• Definition: A set of organized protocols that organizations implement to efficiently oversee and safeguard their information assets.
• Purpose: To define optimal practices, ensure compliance with regulations, and unify security procedures throughout the organization.
[Diagram: Roadmap for achieving strategy; Policies/Standards/Procedures/Guidelines; Controls & Control Objectives; Roles and Responsibilities; Auditing & Assurance; Governance & Oversight; 3rd Party Governance]
Policy Framework: What is a Policy?
Policy is a formal statement of principles or rules that members of an organization must follow.
• Policy sets the strategic direction and objectives, and it is the highest-level document that dictates certain actions or behaviors within an organization.
Simplistic example: Policy: Access to company information systems is restricted to authorized users only.
These materials are for internal training purposes for NYS DFS Staff. It may not be distributed outside the department.