Wednesday, 29 November 2017 16:05

Formalizing an Information Security Program

Formalizing your information security program is a critical step in maturing information security capability in any organization. The intent of formalizing a program is to clarify its focus and ensure everyone is on the same page about who is doing what.

From our experience, building a great information security program starts with asking the right questions. At Avalution, we build information security programs from the top down, starting with the strategy of the business and focusing on the following five key questions:

  1. Why do we have an information security program?
  2. What are we going to protect?
  3. How are we going to achieve it?
  4. Who is responsible and accountable?
  5. What are the results going to look like?

Let’s take a closer look at each.

...

http://perspectives.avalution.com/2017/formalizing-an-information-security-program/