Information Security Program

Every security assessment conducted within an organization should produce a list of action items to close any identified gaps, and these action items should be transferred into a strategy for execution. The organization should also have an awareness plan that outlines all the activities for a year that will keep security at the forefront of the minds of all staff. The Information Security Program is the combination of the Security Strategy and the Security Awareness Plan, in line with the mission and vision of the organization.

Control Objective

  • Policy is documented, approved, followed, reviewed, and updated regularly
  • Policy should be standards-based in order to evolve over time
  • Policy should include Appropriate Use so employees know what they may and may not do

Resources

Information Security Program Template