Stress that an information security program begins with policies, standards, and practices that are the foundation for the program and its blueprint. This will require coordinated planning, and it should be done regardless of an organization’s size.
Denote that the information security (InfoSec) team’s goals are different than information technology’s goals. Hence, the primary focus of the IT group is to ensure the effective and efficient processing of information, whereas the primary focus of the InfoSec group is to ensure the confidentiality, integrity, and availability of information.
Propose to students that even though security slows down information, the validation, verification, and assessment against attacks is worth the sacrifice so that an organization can run properly.
List out “the six Ps” of information security management: planning, policies, programs, protection, people, and project management. These are discussed further in the subsections below.