
115
12Chapter
Information
Security Program
Development Metrics
Information security program development is considered the process of imple-
menting strategy into operational use. is will typically result in a series of proj-
ects or initiatives as the result of developing a strategy that meets the strategic
objectives of the organization. It is the series of activities that over time results in
achieving the “desired state” of the information security program, as discussed in
Chapter 7.
e projects undertaken to achieve program objectives can utilize standard proj-
ect management approaches such as Prince II and metrics not unique to informat