Security Program

An information security program is the entire set of activities, resources, personnel, and technologies used by an organization to manage the risks to its information assets.

Among the variables that determine how a given organization chooses to structure its information security (InfoSec) program are organizational culture, size, security personnel budget, and security capital budget. The first and most influential of these variables is the organizational culture. If upper management and staff believe that InfoSec is a waste of time and resources, or simply unimportant, the InfoSec program will remain small and poorly supported. Efforts made by the InfoSec staff will be viewed as contrary to the mission of the organization and detrimental to the organization’s productivity. Conversely, where there is a strong, positive view of InfoSec, the InfoSec program is likely to be larger and well supported, both financially and otherwise. The InfoSec program in place needs to be aligned with the culture of the organization. When the two are not well aligned, conflicts may arise that make the program less effective.

For this project, prepare a 2-3 page paper (not counting your title page and references page) that addresses the following:

(a) Describe an InfoSec Program.

(b) Describe the functions that constitute a complete InfoSec Program.

(c) Describe the four areas the InfoSec functions should be divided into.

(d) Describe some of the various ways to implement an awareness program.

(e) When developing an awareness program, what priorities should you keep in mind?