What is a Security Program? Who Leads It?
A security program is a system for protecting the confidentiality, integrity, and availability of information within a business.
If you were to walk into an organization and ask "Where is the information security program?", the answer you would most likely get is that it is the group within the organization charged with managing security. But who exactly are they?
Who in the Organization Leads the Security Program?
In most organizations, the information security program is led by the Chief Information Security Officer (CISO). The same role is often titled manager, deputy director, director, or vice president of information security.
Documentation the Security Program Produces
The most widely known documentation of a security program is the suite of security policy documents together with the security program charter.
The security program charter describes the mission and mandate of the security group, while the security policies describe the rules of the road for the organization as they relate to information security.
Structural Makeup of the Security Program
This describes the way in which the group is organized. It can be one group for the organization, multiple groups per business unit or something in between.
Functional Capabilities of a Healthy Security Program
Any healthy security program must be able to do four things:
1. Set a benchmark for security
2. Measure the organization against that benchmark
3. Enable management decisions
4. Support execution of those decisions
Management of Security Architecture
The security architecture of an organization is the people, processes, and technical safeguards that either prevent security events from occurring (preventive safeguards) or detect that they have occurred (detective safeguards).
A key responsibility of a security program is to manage the effectiveness of these safeguards, as well as to ensure that they are appropriate for the environment.