Security Program Management and Risk

Information security should be managed as a program that requires the same degree of attention and responsibility as other resourced programs within an organization. This paper argues for building a security management program on a foundation of business risk assessment and risk management. It...

By

Archie Andrews

June 2, 2003

All papers are copyrighted. No re-posting of papers is permitted

Related Content

Stay Ahead Ransomware Incident Communications 340x340

Cybersecurity Leadership

Stay Ahead of Ransomware: Communication During a Cyber Incident

Learn the critical role of communications during cyber incidents

Mari DeGrazia

Thumbnail: Emerging Threats Summit 2025 340x340

Cybersecurity Leadership

2025 SANS Emerging Threats Summit Recap: Unpacking the Quantum Revolution (and How to Defend Against It)

Learn the seven key takeaways that security leaders should prioritize to prepare for the quantum era

Navigating DORA NIS2 Compliance EU Financial Organisations 340x340

Cybersecurity Leadership

Navigating DORA and NIS2 Compliance for Financial Sector Organisations in the EU

Practical insights on both DORA and NIS2 regulations. If you haven't started implementing measures yet, you're already late.

Jurgita Skritaite

Jurgita Skritaite