Key Points for This Chapter
People are the most important component of your information security program and can make up for deficiencies in process and technology.
Reporting relationships are important for information security organizations because they need the authority, in addition to responsibility, to implement programs that restrict the behavior of employees.
The decision to develop an in-house information security program or rely upon a third party to perform these services is quite important.
Preparing your company for industry compliance, such as Sarbanes Oxley, is quite complex, and requirements are subject to frequent change.
Ongoing training and certification, such as CISSP, are essential if you choose to staff an in-house information ...
Get Executive Guide to Information Security, The: Threats, Challenges, and Solutions now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.