1

In Chapter 1 we discussed the role of the information protection professional, which has changed over the past 25 years and will change again and again. Implementing controls to be in compliance with audit requirements is not the way in which a program such as this can be run. There are limited resources available for controls. To be effective, information owners and users must accept the controls. To meet this end, it is necessary for information protection professionals to establish partnerships with their constituency. Work with your owners and users to find an appropriate level of controls. Understand the needs of the business or the mission of your organization. Make certain that information protection supports those goals and objectives.