In this chapter, we learned about the concepts necessary to develop an enterprise information security program plan. Remember that this program plan is a foundational document that will be used to establish how your information security program will function and interact with the rest of the business.
In this chapter, you learned:
- How to develop your information security program objectives
- You discovered elements that will assist you in creating a successful information security program
- We discussed aligning your information security program with the business
- We worked through key concepts in the development of the information security program plan
In the next chapter, we will be discussing continuous testing and monitoring. We will discover the various types of testing we can utilize to ensure information security controls have been deployed properly, and we will discuss how to best implement testing across the life of an information system.