Chapter 5 Developing Security Programs

Chapter Overview

Chapter 5 will explore the various organizational approaches to information security and provide an explanation of the functional components of the information security program. Readers will learn how to plan and staff an organization’s information security program based on its size and other factors as well as how to evaluate the internal and external factors that influence the activities and organization of an information security program. As the topic of organizing the information security function is expanded upon, the reader will learn how to identify and describe the typical job titles and functions performed in the information security program. The chapter concludes with an exploration of the components of a security education, training, and awareness program and describes how organizations create and manage these programs.

Chapter Objectives

When you complete this chapter, you will be able to: • Recognize and understand the organizational approaches to information security • List and describe the functional components of the information security program • Determine how to plan and staff an organization’s information security program based on its size • Evaluate the internal and external factors that influence the activities and organization of an information security program • List and describe the typical job titles and functions performed in the information security program • Describe the components of a security education, training, and awareness program and understand how organizations create and manage these programs

Set-up Notes

This chapter could be completed in a single class session, if there is sufficient time to cover the material. Unless the students have not had the opportunity to read the material in advance (in some settings, the textbooks