The best security programs build upon
an underlying security philosophy that has been crafted by upper
management after careful consideration of their organization's
risk profile and the level of risk the organization is willing
to bear.
This security philosophy should drive every security activity
that the organization undertakes. It should form a framework
for strategic security-related decision-making, such as: "What
approach should we take to safeguarding our critical resources?"
"What balance should we strike between resource openness
and resource lock-down?" "How will we structure our
internal security organization?" And, "How will we
regulate employee and contractor behavior in the interest of
security?"
Management's commitment to the security philosophy should
be communicated throughout the organization, both overtly and
by supportive decision-making in areas such as security funding
and staffing.