Page 65 - CISSO_Prep_ Guide
enforce security practices. Top management support will provide
budgets, access to personnel, authority, and credibility for the
security program. A security program will affect business
operations and will result in having to change some business
practices, even though it may impact productivity or
performance. The security manager must be able to develop and
design a security program that reflects business priorities, and
must have the tact and skill to educate the personnel of the
organization by convincing them of the need for security and of
their personal responsibility for following security procedures.
A security program will often be comprised of many individual
projects and initiatives. It is vital to encourage the development
of an enterprise-wide security architecture. Security should not be
based solely on personal projects or applications since the result
may be many different solutions with no interoperability, which
means a lack of integration and the loss of the ability to
leverage existing components.
Summary of the Introduction to Information Security Chapter
This chapter set out the foundation for an Information Security
Program. It addressed the core principles on which the rest of
the security program is based: senior management support,
defining roles and responsibilities, and the creation of policy,
procedures, baselines, and standards. These principles
are based on the effort of the security professional to obtain
support through clearly defining what information security is,
making it measurable, and aligning security to business mission
and strategy.