Cybersecurity Program

By John Bandler

Almost every organization needs a cybersecurity program. A cybersecurity program means the organization is actively managing cybersecurity issues and their information assets. It protects against cybercrime and might be legally required.

"Cybersecurity program" is two words, so let's break it down.

Cybersecurity is just cyber + security: the process of securing digital information assets and protecting them from cybercrime. For practical convenience, think of it as the same as information security (i.e., securing all information assets, not just digital ones). The objectives of cybersecurity are the confidentiality, integrity, and availability (CIA) of information systems. I define it further in my short article on cybersecurity and delve deeper in other articles.

A program means performing continuing activities to address the issue, in this case cybersecurity. Cybersecurity is a broad endeavor, so a "cybersecurity program" anticipates a continuing pursuit with several components, such as:

  • Cybersecurity policy (written document that is known, followed, updated)
  • Incident response plan
  • Management (governance) of the issues and information systems, with people in charge and people consulted
  • Decision making (using facts and logic, when faced with the many decisions and options to be considered)
  • Training (cybersecurity is about people, and they need knowledge and awareness)
  • And so forth.

I used to say "most organizations need a cybersecurity policy," but that statement is not clear enough for some. There are organizations with a policy that nobody knows about, and there is little point in that.

Now, my focus is on a cybersecurity program, which entails the components listed above. We can start with a policy that works and is consulted and followed, plus the other parts of the program, which a good policy document will specify.

As I work on an organization's cybersecurity, I focus on three main goals: (1) protect from cybercrime, (2) comply with legal requirements, and (3) improve efficiency and the management of information systems.

The overarching motivation should be continual improvement. Good organizations work to continually improve their cybersecurity, how they manage information assets, and other areas of management and operations.

A cybersecurity program is part of information governance. Information governance is basically how you manage your information systems and information assets (see link below for a definition of that term).

Additional links

This page is hosted at https://johnbandler.com/cybersecurity-program. Copyright John Bandler, all rights reserved.

This page is a key terms definition article.

Page posted 1/30/2025. Updated 2/04/2025