Chapter 8

Establishing a Cyber Security Program and Organization

Abstract

The objective of this chapter is to describe how to establish a corporate cyber security program and its associated organization. A “what-if” approach is used, set in a fictional corporate environment, in which a corporate security officer is shown acting in a certain way based on what is required of him or her by the corporation in which that person is employed.

Keywords

Corporate cyber security program; Corporate information officer (CIO); Corporation overall policy document; Formal project management techniques; Information environment (IE); Off-site cyber security program; Strategic business plan (SBP); Tactical business plan (TBP)

We trained hard, but it seemed every time we were ...

Get The Information Systems Security Officer's Guide, 3rd Edition now with the O’Reilly learning platform.