Elements of a Good Infosec Program
I’ve been interviewing candidates lately, helping clients fill information security leadership roles. Sometimes, when I need to baseline a candidate, I’ll ask them to list for me all the elements of a good information security program, or some variation of that question.
So here’s a quick list of the elements of a good infosec program, in no particular order. Some are more advanced or comprehensive than others, so keep that in mind.
Infosec Policies and Governance
Bug Bounty Program
SAST / DAST Scanning
Secrets Management
OKRs (objectives and key results for the security program)
Endpoint Security
Incident Response Plan (Calling this out separately from Policies above because it’s often missed. If you had nothing else, I’d rather you had a good IR plan than a bunch of template policies no one has looked at. Want the next level? Run some tabletop exercises against it. /rant)
Security Awareness Program
Email and Phishing Protection
Disaster Recovery Plan
Security Operations
Security Architecture
Ok, there you go. It’s not a super comprehensive list, but it covers at least 80% of it. Just a quick brain dump, written off the cuff at 10pm!
Have an awesome week!