In this chapter, we discussed the critical activities required to establish an enterprise-wide information security program, focusing on executive buy-in, policies, procedures, standards, and guidelines.
In this chapter, you learned:

- The planning concepts related to establishing an information security program
- Success factors for an information security program
- Integration of the information security program into organizational processes
- Maturity concepts related to information security program planning
- Policies, procedures, standards, and guidelines
In the next chapter, we will cover the concepts of information security risk management, including who holds responsibility for risk ownership within the organization and how to perform a risk assessment.