The governance pyramid is built bottom-up with policy, standards, process, procedures, and guidelines. To be effective, the structure needs to be organized, consistent, and aligned with policy and business need.
Security as a Process (SAAP) and the classification of information are fundamental to information security. This article, the second in a three-part series, looks at the "how" of information security and why it is so important.
Information security is a multifaceted field, covered with tempting baubles and sharp thorns. However, the unifying framework upon which the whole field is suspended is governance. This article, the first in a three-part series, looks at standards and policy, from why policies are needed to what needs to be done to support them.