Essential Components for a Successful Information Security Program
The following 10 areas are essential for your information security program to be effective:
- Make sure the CEO “owns” the information security program.
- Assign senior-level staff responsibility for information security.
- Establish a cross-functional information security governance board.
- Establish metrics to manage the program.
- Implement an ongoing security improvement plan.
- Conduct an independent review of the information security program.
- Layer security at gateway, server, and client.
- Separate your computing environment into “zones.”
- Start with basics and then improve the program.
- Consider information security an essential investment for your business.
We will describe these components in more detail in the remaining chapters of this book and provide suggestions on how to incorporate them into your information security program.