|
Evaluations and analyses of the entire CIAPP and InfoSec organization help maintain a proactive and current protected-information environment. The ISSO should remember the following points:
It is a good idea to evaluate the entire CIAPP and InfoSec functions on an annual basis.
The evaluation should include all projects and LOEs.
Changes should be made where value is added in terms of cost decreases, productivity gains, or time savings.
Executive management should receive a clear, concise, business-oriented briefing on the state of the CIAPP and IWC's current protected information environment on at least an annual basis.
Metrics charts should be evaluated at least annually, then eliminated or modified as necessary.
Link analysis methodologies are useful in determining the success of an InfoSec Program.
|