Page 14 - CISSO_Prep_ Guide
integrated into the design and building of the information
system. Security cannot be an afterthought or an excellent option to
have if time and budget permit. Security must be integrated into
every business process and policy.

A central requirement for a security program is that it is led and
managed correctly. This is the heart of governance, and effective
governance is one of the primary demands placed on an
organization today. The assets of the organization must be
identified and protected. Senior management must actively work
to understand the risk faced by the organization and create a
culture of stability, accountability, and compliance. The security
manager must work with the senior management team through
reporting, recommendations, strategic plans, and demonstrating
leadership in incorporating security into the organization's
governance framework.

To many security workers, security is all about being busy.
There are many demands on a security professional's time.
There are never enough resources, time, or support to
accomplish everything the security professional needs to get
done. But a true professional knows that some of the most
valuable time is when there is the opportunity to learn, explore,
design, and discover. The security manager is not just another
worker. She is busy juggling the demands on her time and
setting priorities; she knows that planning is a crucial factor in
efficiency, success, and long-term sustainability. The security
professional knows the value of a plan before building, thinking
before doing, and having a comprehensive vision that goes
beyond individual problems, individual systems, or immediate
requirements. The security professional knows the value of
engineering and architecture.