The Information Systems Security Officers Guide: Establishing and Managing an Information Protection Program

We trained hard, but it seemed every time we were beginning to form up into teams, we would be reorganized. I was to learn later in life that we tend to meet any new situation by reorganizing—Petronius Arbiter^[1]

Chapter Objective

The objective of this chapter, "Establishing a CIAPP and InfoSec Organization," is to describe how to establish a corporate information assets protection program and its associated organization.

^[1]Petronius Arbiter (27–66), Roman satirist. Satyricon (1st century) as quoted in Microsoft's Encarta World.