The Information Systems Security Officers Guide: Establishing and Managing an Information Protection Program

Read not to contradict and confute, nor to believe and take for granted, nor to find talk and discourse, but to weigh and consider.—Francis Bacon^[1]

Chapter Objective

This chapter, "Annual Reevaluation and Future Plans," describes the process that can be used each year to determine the successes and failures of the InfoSec organization and CIAPP, and a methodology that can be used to correct the failures and plan for the upcoming years.

^[1]Francis Bacon (1561–1626), English philosopher, lawyer, and statesman. Essays "Of Studies" (1625)—Encarta Book of Quotations & (P) 1999, Microsoft Corporation. All rights reserved. Developed for Microsoft by Bloomsbury Publishing Plc.