What distinguishes a good security program? One of the hardest questions to answer in the information security field is whether our security program is good or not. It’s a question we want to answer for many reasons, not least of which are:
Assuring my boss, my CEO, my Board, my company that the money and resources they’ve entrusted me with are appropriate and well utilized.
Being comfortable that we have done the right things to make a breach, theft, intrusion, etc. as difficult and unlikely as possible.
Measuring your security program in an easy to understand, clear fashion.
Based on many years of my own experience, I’m going to tell you what I believe constitutes a good security program. One that is appropriate and effective. A program that you can measure, and with which you can demonstrate that you are doing the right things. This is all about taking care of your “below the line” responsibilities. Those are the responsibilities that are your job, that you are just supposed to take care of, that the …
Subscribe to Security n Cigars to keep reading this post and get 7 days of free access to the full post archives.

