Section 2 – Building an Effective Program
This section is dedicated to building on the foundational knowledge in Section 1 to build or improve an information security program. There are some timeless information security best practices that are as relevant today as they were decades ago. Interestingly, these timeless best practices are the ones that are routinely ignored in security programs. Next, it is important to address the weakest link in the program by building an effective security awareness program. Most companies perform security awareness training. Few succeed in educating their workforce. We will explore what they’re doing wrong and how to do it better. Finally, there are additional capabilities that should be deployed to secure the modern enterprise that may not have been necessary previously.
This part of the book comprises the following chapters:
- Chapter 4, Protecting People, Information, and Systems with Timeless Best Practices
- Chapter 5...
