Components of a good Infosec Strategy

A good information security strategy should incorporate four things: proactive security management rather than point-in-time compliance; cost-effective security initiatives to meet regulatory requirements; within the bounds of operational challenges; and capacity to address risks from emerging technologies. -- Gerry Chng, Far East Area information security champion, Ernst & Young
Src: Study: back-to-basics security strategy the way to go | The Industry Standard

No comments: