Implementing an Information Security Program

Design a pragmatic cybersecurity program. Learn how to establish the right goals, manage your team, and demonstrate compliance and progress.

Introduction

• Protect against cyberattacks
• What you should know

1. Defining Key Terms

• What is information security?
• Cybersecurity overview
• Cyber resilience overview
• Risk management overview
• Challenge: Prepare and recover
• Solution: Prepare and recover

2. Cybersecurity Program Goals

• Achieve your customers’ expectations
• Cyberattack and failure resilience
• Compliance with laws and regulations
• Executive and BOD support
• Challenge: Customer security requirements
• Solution: Customer security requirements

3. Cybersecurity Program Components

• Essential functions of a program
• Determine your role
• Build a team
• The need for management
• The need for leadership
• Challenge: Core competencies
• Solution: Core competencies

4. Structuring a Cybersecurity Program

• Sources of controls
• Organize around cyber resilience
• Information security program design
• Challenge: Customer requirements
• Solution: Customer requirements

5. Demonstrate Compliance and Progress

• Communicate with executives
• Communicate with stakeholders
• Communicate with auditors
• Construct an annual program of work
• Challenge: Optimize a cybersecurity program
• Solution: Optimize a cybersecurity program

Conclusion

• Next steps for cybersecurity programs