Security Program | Overview of a Security Program and the Team that Leads it

What is a Security Program? Who Leads It?

A security program is a system for protecting the confidentiality, integrity, and availability of information within a business.

If you were to walk into an organization and ask “Where is the information security program?”, you would most likely get this answer: it is the group within the organization that is charged with the task of managing security. But who are they exactly?

Who in the Organization Leads the Security Program?

In most organizations, the information security program will be led by the Chief Information Security Officer, or CISO. This job is often also called the manager, deputy director, director, or vice president of information security.

Documentation a Security Program Produces

The most commonly known documentation of a security program is the suite of security policy documentation and the security program charter.

The security program charter describes the mission and mandate of the security group, while the security policy documentation describes the rules of the road for the organization as it relates to information security.

Structural Makeup of the Security Program

This describes the way in which the group is organized. It can be one group for the organization, multiple groups per business unit, or something in between.

Functional Capabilities of a Healthy Security Program

Any healthy security program must be able to do 4 things:

1. Set a benchmark for security

2. Measure against a benchmark

3. Enable management decisions

4. Support execution of those decisions

Management of Security Architecture

The security architecture in an organization consists of the people, process, and technical safeguards that either prevent security events from occurring (preventive safeguards) or detect if they have occurred (detective safeguards).

A key responsibility of a security program is to manage the effectiveness of these safeguards, as well as to ensure that they are appropriate for the environment.

Mike Gentile

CISOSHARE’s President and CEO
Mike Gentile has been helping organizations build Information Security Programs for more than 20 years. He has written multiple recognized books on the subject, provided hundreds of presentations, and built many Security Programs in both internal and external consulting roles.