Includes a case study and steps to form a relationship between an information security program and IT governance and to define roles and responsibilities to ensure accountability.
The information security professional has evolved from computer operator to chief information security officer; from controlling punched cards to negotiating strategic plans, defining policies, documenting processes, managing technology, measuring performance, controlling costs, supporting business recovery and demonstrating regulatory compliance. This publication includes a case study and steps to:
- Compose an information security program
- Cement a relationship between an information security program and IT governance
- Design roles and responsibilities to ensure accountability
- Identify and allocate resources to achieve information security program objectives
- Determine if an information security program is achieving objectives