An information security program defines the enterprise's key information security principles, resources and activities. CISOs need to analyze, document and implement the components of a program that will enable the enterprise to deal with the challenges of cybersecurity and digital business risks.
Table of Contents
Document/Implement a Process-Centric Information Security Program
- Enterprise Security Charter
- Terms of Reference
- Governance Structures
- Annual Strategy Plan
- Security Processes
Strive to Continuously Improve Effectiveness and Efficiency
Match the Security Program to the Enterprise and Digital Business
- Document/Implement a Process-Centric Information Security Program
Gartner Recommended Reading