Developing and maintaining an information security strategy is essential to the success of your program. This strategy serves as the roadmap for establishing your program and adapting it to future challenges. By following a consistent methodology for developing your strategy, you are more likely to achieve high-quality results during the process and complete the project in a timely manner.
In addition, it is important to communicate the strategy and the processes that your organization will follow in simple terms that your non-technical staff will understand. As Chapter 2, "Information Security Overview" mentions, the success of any security program relies on the active participation of all personnel and their compliance with established security policies. By explaining all the policies and processes clearly and with minimal technical and business jargon, you increase the likelihood that your program will succeed.
This chapter aids you in evaluating your information security program and assists you in implementing an improvement plan that is appropriate for your company. We begin with a review of a methodology that you can use to guide the process. You can complete this process in a short period (as little as 90 days for most organizations), and by doing so you will produce a 2-year roadmap for continually improving your program. Because the information security field is rapidly changing, you should review and update this roadmap on an annual basis, since major revisions might be necessary.