December 23, 2021 by Admin
The FIRST step in establishing an information security program is to:
- define policies and standards that mitigate the organization’s risks
- secure organizational commitment and support.
- assess the organization’s compliance with regulatory requirements.
- determine the level of risk that is acceptable to senior management.