CHAPTER 5: DECEMBER - OH, FOR THE SAKE OF YET ANOTHER PROPOSAL …

Security improvement programme

In this particular instance, there was an initial budget to deliver a particular goal, then a realignment of expectations once that goal had been achieved. This was because what had been put on the submissions that had to be presented to external auditors was not what was actually going on inside the organisation. Not untypical. So a plan of action, usually called a security improvement programme (SIP) in security terms, was put into place to address the compliance gaps. The gaps went way beyond technological issues and spanned all three points of an imagined triangle of people, processes and ...

Get Once More Unto the Breach: Managing information security in an uncertain world now with the O’Reilly learning platform.
