Abstract

Information assurance is the practice of managing risks pertaining to information and data processing environments. Effectively managing risk requires a deep understanding of the weaknesses that leave assets vulnerable and the controls that protect them. Over time, organizations will be required to assess the maturity of their information security program. An effective information security program will include elements of leadership commitment and participation, well designed and communicated policies and standards, effective and meaningful controls, an engaged user population, evidence of continuous improvement, and risk and compliance management.

Presented by