ABSTRACT

◾ Understand the steps involved in creating an efficient and successful information security management program.
◾ Explain corporate governance and how information security relates to corporate governance.
◾ Understand the goals of information security.
◾ Explain the difference between information security and IT security.
◾ Understand the duties inherent to information security and the alignment of information security to business needs.
◾ List the roles and responsibilities of the chief information security officer.
◾ Understand the proper organization structure of information security.
◾ Explain different functional areas related to information security.
◾ Understand the individual traits, qualifications, certifications, and experience required by an information security professional.
◾ Explain the steps and process involved in hiring information security professionals.
◾ Understand the importance of conducting comprehensive background checks on information security personnel.
◾ Explain the importance of information security.
◾ Understand information security concepts.
◾ Understand the laws governing information security.

ISACA, 2007

The first step in creating a successful information security management program is to determine what the goals and objectives are for an organization. Information security must be aligned with these goals and objectives. It must also take into consideration the overall corporate governance of the organization. We will discuss corporate governance in more detail in the next section.