Information security program management overview
An information security program covers all the activities and processes that collectively provide security services to an organization. Some of the common activities of security programs include the design, development, and implementation of security-related controls throughout the organization. Controls can be in the form of simple policies and processes or an advanced technological structure. Depending upon the size and nature of the organization, the security program can be managed by either a single individual or an exclusive team headed by a chief information security officer (CISO).
A security manager is expected to have a thorough knowledge of information technology as it helps to understand how changes in the technical environment affect the security posture. An information security manager is required to evaluate the risk of technology and determine relevant controls to safeguard the IT resources.
Apart from technical...
