Introduction

The previous chapter introduced the key components of an information security program and the principle of defense-in-depth. This chapter introduces the core concepts that you should consider when building a new security program or improving an existing one. Both of these tasks require a solid plan and diligent attention to details. Using the methodologies introduced in this chapter, you can begin to create that plan.

When developing your information security program, you should begin by determining the high-level business objectives that you want to achieve. These objectives will serve as boundaries for the program and will guide your progress. By following a consistent methodology, you will be able to evaluate multiple alternatives ...

Get Executive Guide to Information Security, The: Threats, Challenges, and Solutions now with the O’Reilly learning platform.
