
The Information Security Program: Establishing Holistic Security Expectations

Business

Consider all departments of the organization and their business influence, dependencies on third-party supplies and services, product deliverables, and customer expectations.

Industry

Don't reinvent the wheel and don't neglect industry rules. Major industries have established rules and regulations that are often accompanied by proven best practices to help achieve compliance with industry standards.

Regulations

Local, State, and Federal laws, rules, and regulations govern business practices and require baseline security standards for companies to show their commitment to protecting consumers.

Regardless of the size of the business, an information security (IS) program must be established as a means to identify, guide, and educate business processes on the protection of the company's data and data resources. The foundation of an effective security program is guided by policies that take into account business, industry, state, and federal requirements and incorporate best practices. By incorporating these into the Information Security Program, the business is more capable of providing direct, clear, and meaningful guidance and influence to employees and business processes.

In the previous section, we discussed the importance of identifying business requirements.  The objective of this section is to understand the importance of integrating those requirements into a formal program that defines and provides guidance on the protection of business data and resources.  We will also cover common components or areas of concern that should be considered when developing the program.
