The information security program is the responsibility of the ISSO. The supporting programs all serve the best interest of the organization: the security of its information and the credibility it gains from an advanced security system. The following list forms a suitable security program.
• Security Policies: The purpose of an information security program is to reach out beyond most information technology …
SANS's Computer Security Incident Handling Step by Step was published with a proper listing of an IRP.
• System Security Plan: An overview of the security requirements is laid out. This includes the expected behavior of individuals using the system and the targets they are to achieve. The system security plan is vital because it lays down the ground rules to be followed to avoid issues.
• System Development Life Cycle: A traditional process that applies a set of logical, systematic activities (phases) to develop, implement and operate the system. Each phase reduces the cost of the security required by integrating and implementing security into the system's life cycle process. NIST identifies five common phases in the SDLC process that have some security-related actions.
  • Initiation Phase
  • Acquisition/Development Phase
  • Implementation