Security Governance & Leadership

Part 1 of a series on creating information security policies Contents * Security Starts at the Top (or, Governance Makes or Breaks Your Security Program) * Disclaimer * Why Governance Comes First * The Information Security Policy: Setting the Tone * Risk Management: Replace Guesswork with Discipline * Roles and Responsibilities: Eliminating the Accountability Gap * What Auditors Look For * Common Pitfalls to Avoid * Governance as a Force Multiplier * Afterword about Infosec Policy an