Information Security Programs: Defining And Managing To Operational Success

On the surface, an information security program may appear to be what its name suggests: a single program. In reality, countless elements (sub-programs and adjacent programs, if you will) make up a comprehensive information security program.

In this conversation, we explore the overarching program, of course, including:
- Who owns the program
- How to secure funding for the program
- How to define and measure success
- How to communicate progress, accomplishments, failures, and challenges
- Common best practices for a program

But we will also look at all (or as many as we can) of the sub-programs or adjacent programs that support the main InfoSec program: things like network security, DevSecOps, risk management, data protection, regulatory compliance, and incident response, just to name a few.

Join us for this conversation and bring your questions about how best to plan, prioritize, budget, staff, and implement a successful information security program.

It's time to explore reality.


Mari Galloway
CEO and a founding board member for the Women's Society of Cyberjutsu (WSC) [@womenCyberjutsu]

James Leslie
CIO at Cambridge Housing Authority [@CambHousing]

