ABSTRACT
In this chapter, I discuss both the traditional content of the security master plan and where to establish limits. Should we include things like business continuity in the plan? Should we include crisis and emergency? What about a cybersecurity plan?
The issue of change will then be exposed. A new security manager will always bring changes in security processes, and these changes will rarely be welcome. How to plan and prioritize these changes will be discussed, as well as the necessity—or not—of involving employees through consultations or awareness programs.
