Home > Creating a formal information security program
Book Chapter:
EMAIL THIS LICENSING & REPRINTS

Creating a formal information security program

15 Apr 2005 | Symantec Press

Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   

The Executive Guide to Information Security: Threats, Challenges and Solutions

By Mark Egan and Tim Mather 268 pages; $34.99        Symantec Press

Executives commonly ask, "How well are we protected, and what should we be doing to improve our program?" A recent security-related event inside an organization or a heightened awareness of security in general can prompt this question. Regardless of the reasons for starting a formal program, you should follow a structured methodology to guide your program. Although this is true in any critical business process, it's especially important in information security. By following a structured methodology, you can obtain results that are more predictable.

A structured methodology is similar to a therapy regimen prescribed by your doctor when recovering from an illness or accident. In this case, the illness might be a non-existent or weak information security program, and an accident might equate to an information security incident.

Infosec Bookshelf

Read the full chapter

Read a review of this book

Share your opinion of this book

More book chapters and reviews

You should first step back and determine the business objectives that you want to support with your information security program. Evaluate the effectiveness of your existing program and determine where you would like it to be in the future. Aligning your security policies closely with your business strategy enables your company to achieve its objectives without hindrance because your staff is less likely to circumvent security measures that seriously impede them from achieving your core business goals.

The next step is the gap analysis -- comparing where you are to where you want to be and examining the alternative methods to achieving those objectives. The investment you are willing to make in your program will determine its extent and the time necessary to put it in place. Again, keep in mind that this is a continuous process and you will need to update your information security program as your business environment changes.

Read the full chapter.

Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   


RELATED RESOURCES
2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
Search Bitpipe.com for the latest white papers and business webcasts
Whatis.com, the online computer dictionary


TechTarget Security Media
Information Security View this month\\'s issue and subscribe today.
Information Security Decisions Apply online for free conference admission.
SearchSecurity.com
HomeNewsMagazineWebcastsWhite PapersLearningAdviceTopicsEventsAbout Us
SEARCH :     Advanced Search | Site Index Powered by: Search Powered by Google

About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organizations' IT projects - with its network of technology-specific Web sites, events and magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Reprints  |  Site Map




All Rights Reserved, Copyright 2003 - 2008, TechTarget | Read our Privacy Policy 		  TechTarget - The IT Media ROI Experts