The information security program contained in Parts II and III of this book may not be for you. The program consists of a set of security standards that are guaranteed to prevent identity theft in all businesses regardless of size, type, or location, but developing and implementing these standards requires the time and interest of managers and employees. Another prerequisite, however, in addition to time and interest, is the psychological commitments of the chief executive officers—the motivation and devotion the CEOs give to the success of an information security program and the support they give to employees to help develop it.

The success of the program is, additionally, subject to the discipline and willingness of employee-manager teams working together. To develop and implement the information security program, teams must meet for up to four hours each week over several weeks to follow step-by-step and consecutively ordered exercises. The messages to executives and employees that follow may help to determine whether an information security program is feasible for your company at this time.