In this chapter, you will learn about
• Security program frameworks, scope, and charter
• Security program alignment with business processes and objectives
• Information security frameworks
• Security program management administrative activities
• Security operations
• Internal and external audits and assessments
• Metrics that tell the security management story
This chapter covers Certified Information Security Manager (CISM) domain 3, “Information Security Program Development and Management,” representing 27 percent of the CISM examination.
Security program development represents a wide assortment of activities in an organization. Most of these activities have a ...