Although presented as the last chapter in this book, development of a (cyber)security program should be a well-thought-out exercise, performed before starting any other security-related tasks. Without proper planning and clear direction, implementing security will quickly feel like trying to hit a moving target. A security program should be tailored to an organization's objectives and desired security posture, yet adhere to commonly used, industry-adopted standards for implementing security. This chapter will take you through the process of developing a security program.
Topics covered in this chapter include:
- Security policies, procedures and guidelines
- Security program development
- Risk management