- Training
- Training Live Events
- Training Without Travel
- SANS Courses
- Certified Instructors
- Career Roadmap
- Training Calendars
- SANS @Home
- SANS OnDemand
- Community SANS
- SANS Mentor Program
- SANS Onsite
- SANS SelfStudy
- SANS Partnership Series
- SANS Workshop Series
- Webcasts
- Work Study
- Events Archive
- DoD 8570
- Voucher Credit Program
- Certification
- Resources
- Vendor
- Portal
- Storm Center
- College
- Developer
- About
the most trusted source for computer security training, certification and research
The Many Facets of an Information Security Program
- Abstract
- This document is a review of the various programs and processes that should be in place within any organization for the protection of their information assets. The many areas of any organization's security program play key roles in supporting the certification and accreditation (C&A) process of an organization's information assets. The supporting areas along with the C&A and post C&A activities make up an organization's information security program. Five primary sections herein outline an information security program baseline. The first section is a high-level overview of an information security program. The second section identifies the laws and regulations that require an information security program. The third section identifies supporting security standards and best practices. The fourth section gives an overview of the accreditation's supporting programs. The last section address the C&A methodology, an outline of the methodologies output and the post accreditation activities.