Overview

People are the most important component of an effective information security program, and this chapter begins with a critical evaluation of this component within your existing organization.

The previous chapter introduced the security evaluation framework, which contains some of the most important industry best practices for information security. The first step is using it to grade your existing program and identifying potential areas for improvement. The design of your future information security organization is the second step in this process.

This chapter divides the current and future people evaluation into three key areas that correspond to the security evaluation framework: strategy, components, and administration.
