Defining an information security program road map
For effective implementation of a security program, it is recommended to develop a road map covering different stages with a clear objective to be achieved during each stage. The initial stage of program development is to talk to concerned stakeholders such as business units, legal, HR, finance, and other units. This will help the security manager to determine the security requirements of different units.
In the second stage, security requirements should be formalized to draft a basic security policy, and approval should be obtained from senior management. A security steering committee, which consists of officials from different business functions, plays an important part in the finalization of security requirements. In the third stage, members of the security steering committee emphasize promoting awareness of the security policy and conduct a security review to check for compliance with it. In the fourth stage, gaps identified...