ABSTRACT

Implementation of a FISMA-based information security program requires multiyear planning that is fully integrated with agency plans for accomplishing its mission. This includes long-term (three to five years) strategic planning as well as tactical planning for the achievement of short-term objectives. For the purposes of this book, strategic planning provides a path for the structured and systematic implementation of the information security program and its components, while tactical planning is seen as a means to achieve timely accomplishment of shorter-term objectives necessary for the continued effectiveness of program components, or for achieving subordinate information security program objectives.