Security Program
Building and maintaining comprehensive security programs
A Security Program is the comprehensive framework of policies, procedures, technologies, and people that work together to protect an organization’s information assets.
Program Elements
- Governance - Leadership, policies, and accountability
- Risk Management - Identifying and treating risks
- Asset Management - Inventory and classification
- Access Control - Identity and authorization
- Operations Security - Day-to-day protective measures
- Physical Security - Facilities and hardware protection
- Incident Response - Detection and response capabilities
- Business Continuity - Resilience and recovery
Building a Program
- Assess current state and gaps
- Define security strategy and roadmap
- Develop policies and standards
- Implement controls and technologies
- Train and build awareness
- Monitor and measure effectiveness
- Continuously improve
Frameworks
- NIST Cybersecurity Framework
- ISO 27001/27002
- CIS Controls
- COBIT
Maturity Models
- CMMI
- NIST CSF Implementation Tiers
- C2M2 (Cybersecurity Capability Maturity Model)
