Quality, Expert-Derived Cybersecurity Documentation To Keep Organizations Secure, Compliant & Resilient - No AI Slop!
Secure Controls Framework
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Cart
Start Here
Products
Bundles
Updates
Reasons To Buy
Certification Options
Home
FAQ
What are the steps of the information security program lifecycle?

What are the steps of the information security program lifecycle?

Direct Answer

There are no official steps in an Information Security Program Lifecycle, since it is subjective and based on both personal preferences and organizational resources.

To avoid reinventing the wheel, the Security, Compliance & Resilience Management System (SCRMS) , a model that emphasizes that controls are the central pivot in cybersecurity and data privacy programs, provides nine (9) steps to create and maintain a cybersecurity program:

  • Establish Context;
  • Identify Applicable Controls;
  • Define Maturity Expectations;
  • Publish Governance Documentation;
  • Assign Stakeholder Accountability;
  • Prioritize Capabilities According To Risk;
  • Maintain Situational Awareness;
  • Manage Risk; and
  • Evolve Processes.

The SCRMS is a “how to build a cybersecurity program” playbook. SCRMS is designed to proactively address the strategic, operational and tactical nature of operating an organization’s cybersecurity and privacy program at the control level. The SCRMS is designed to:

  • Address both internal controls, as well as the broader concept of Supply Chain Risk Management (SCRM).
  • Focus on the need to understand and clarify the difference between "compliant" versus "secure" since that is necessary to have coherent risk management discussions.
Keep Exploring

Relevant ComplianceForge Resources

References

Authoritative Sources