ABSTRACT

This chapter presents proper information security governance for the organization. It also provides insights into a few of the gotchas that will occur during the life cycle of building and maintaining an effective security program. These are worth watching out for, as any one of them has the capability to put the security officer and his or her department in a position where they could lose credibility with their peers, making implementation of the security program difficult at best. The technical and analytical competence and desire may exist within the information security department; however, there will always be new technologies and new ways of solving problems to consider. It is important to identify which skills are contained within information security and which skills are resident outside the security department. If end users habitually appear on information security violation reports, then these need to be reported to management for training and corrective action.