As described in Chapter 7, the Four-Factor Model of Information Security is the guiding framework for the systematic procedures used by the Business Information Security Program (BISP) to secure your business’s identities. Recall also that all threats to information security and all information security solutions involve four valuable business assets:

1. People
2. Work processes
3. Proprietary information
4. Property (virtual and actual)

The BISP secures these four fronts through standards developed in a series of exercises sequenced throughout Chapters 8 to 22. Conveniently, all businesses can utilize the same exercises to establish and maintain security.

There is one end product for each standard: a security document or report. The resultant set of documents or reports are the Security Standards that collectively comprise the Business Information Security Program. By the time a business completes all the exercises in the chapters, it will have its own distinctive BISP because, even though the exercises and the standards are uniform for all businesses, the tangible end products—the security documents—are specific to the characteristics of job positions and work processes unique to each business.

The format for the exercises is consistent throughout the chapters: first, the goals are stated, then the objectives are specified, and, last, background information in the form of an orientation describes the requirements for conducting ...