A security awareness program is a formal program with the goal of training users of the potential threats to an organization and how to avoid situations that might put the organization’s data at risk.
Strategic plans define the need for an action, the impact of that particular action and driving forces behind the action. Security strategy in any organization starts with an in-depth analysis of their business.
The military strategy called “Defense in Depth” can be applied to cybersecurity. It has defenders deployed in a series of pre-planned positions from which they can advantageously attack the advancing enemy.
Excerpt from GARP.org Oversight should be grounded in sound management practices By David X Martin Corporate boards of directors have a…