Chapter 8

Establishing a Cyber Security Program and Organization


The objective of this chapter is to describe how to establish a corporate cyber security program and its associated organization. It takes a “what-if” approach, set in a fictional corporate environment, in which a corporate security officer is shown acting in a certain way based on what is required of him or her by the corporation in which that person is employed.


Corporate cyber security program; Corporate information officer (CIO); Corporation overall policy document; Formal project management techniques; Information environment (IE); Off-site cyber security program; Strategic business plan (SBP); Tactical business plan (TBP)

We trained hard, but it seemed every time we were ...

Get The Information Systems Security Officer's Guide, 3rd Edition now with O’Reilly online learning.