Business Requirements Analysis—Step 1 of 3
Follow the methodology introduced in the previous section to guide the development of your program. This includes first evaluating your unique business requirements to form the boundaries of the information security program. Major areas that you will evaluate include the strategic objectives for your program, your company's business environment, and tactical issues that you need to address immediately.
As we have emphasized, people, processes, and technology are the major components of an information security program. It is important that you carefully balance these areas because it is easy to focus on a single area such as technology and overlook other important components. Company size and complexity, ...
Get Executive Guide to Information Security, The: Threats, Challenges, and Solutions now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.