Summary
This chapter addressed the role that CISOs and other security leaders play in documenting an organization's security processes. Documentation ensures that all processes are recorded for future review, provides guidance on the use of a system, and helps enforce policies and procedures across the organization. Some of the main documents identified in this chapter include incident response plans, disaster recovery plans, business continuity plans, and information security plans.
Documenting processes includes recording project development phases, which helps us understand the development aspects of a system for future evaluation and improvement. Processes, procedures, and policies are also documented to help enforce security requirements in an organization. Every aspect of documentation should be consistent with the business objectives and should not hinder business operations.
The next chapter...