Book Chapter

Creating a formal information security program

The Executive Guide to Information Security: Threats, Challenges and Solutions

By Mark Egan and Tim Mather 268 pages; $34.99        Symantec Press

Executives commonly ask, "How well are we protected, and what should we be doing to improve our program?" A recent security-related event inside an organization or a heightened awareness of security in general can prompt this question. Regardless of the reasons for starting a formal program, you should follow a structured methodology to guide your program. Although this is true in any critical business process, it's especially important in information security. By following a structured methodology, you can obtain results that are more predictable.

A structured methodology is similar to a therapy regimen prescribed by your doctor when recovering from an illness or accident. In this case, the illness might be a non-existent or weak information security program, and an accident might equate to an information security incident.

Infosec Bookshelf

Read the full chapter

Read a review of this book

Share your opinion of this book

More book chapters and reviews

You should first step back and determine the business objectives that you want to support with your information security program. Evaluate the effectiveness of your existing program and determine where you would like it to be in the future. Aligning your security policies closely with your business strategy enables your company to achieve its objectives without hindrance because your staff is less likely to circumvent security measures that seriously impede them from achieving your core business goals.

The next step is the gap analysis -- comparing where you are to where you want to be and examining the alternative methods to achieving those objectives. The investment you are willing to make in your program will determine its extent and the time necessary to put it in place. Again, keep in mind that this is a continuous process and you will need to update your information security program as your business environment changes.

Read the full chapter.

This was first published in April 2005

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: