Last Week As A vCISO

Elements of a Good Infosec Program

Some are more advanced / comprehensive than others so keep that in mind.

Ayman Elsawah
Mar 14, 2021

I’ve been interviewing candidates lately, helping clients fill information security leadership roles. Sometimes when I need to baseline the candidate, I’ll ask them to list for me all the elements of a good information security program, or variations thereof.

So here’s a quick list of elements of a good infosec program, in no particular order. Some are more advanced / comprehensive than others so keep that in mind.

  • Infosec Policies and Governance

  • Bug Bounty Program

  • SAST / DAST Checking

  • Secrets Management

  • OKRs

  • Endpoint Security

  • Incident Response Plan (Calling this out outside of Policies above because it’s often missed. If you had nothing, I’d rather you had a good IR plan than a bunch of template policies no one has looked at. Want next level? Do some tabletop exercises. /rant )

  • Security Awareness Program

  • Email and Phishing Protection

  • Disaster Recovery Plan

  • Security Operations

  • Security Architecture

Ok, there you go. It’s not a super comprehensive list, but it’s 80% of it at least. Just a quick brain dump of items on the fly at 10pm at night!

Have an awesome week!

© 2022 Ayman Elsawah