Stepping Through the Information Security Program 



The information security professional has evolved from computer operator to chief information security officer, and from controlling punched cards to negotiating strategic plans, defining policies, documenting processes, managing technology, measuring performance, controlling costs, supporting business recovery and demonstrating regulatory compliance. This publication includes a case study and steps to:

  • Compose an information security program
  • Cement a relationship between an information security program and IT governance
  • Design roles and responsibilities to ensure accountability
  • Identify and allocate resources to achieve information security program objectives
  • Determine if an information security program is achieving objectives