Creating a Culture of Security - Top 10 Elements of an Information Security Program

The Obama Administration places a heavy emphasis on information security, and we are already seeing greater attention paid to cybersecurity and FISMA reform. Now is the time for government agencies to benchmark and strengthen their information security programs.

Learn from security veteran Patrick Howard, CISO of the Nuclear Regulatory Commission, how to:

  • Develop the Security Program and Policy
  • Manage Security Risks
  • Provide User Awareness, Training and Education
  • Respond to Incidents


The Federal Information Security Management Act of 2002 (FISMA) mandates that each federal agency develop a program to provide information security for data and systems that support the agency's functions.

And while agencies have had varying success meeting the demands of FISMA, the Obama Administration has ushered in a new wave of information security proponents eager to bolster these programs and create a new, higher level of cybersecurity throughout government.

But how does an agency first benchmark, then strengthen, its information security program?

Patrick Howard, a veteran security leader who currently oversees information security operations at the Nuclear Regulatory Commission (NRC), proposes a 10-step program to ensure solid protection. In this exclusive webinar, Howard will outline these 10 critical steps, including:

Develop the Security Program and Policy - How to define the security program; adopt best practices; assign roles and responsibilities.

Manage Security Risks - How to determine what needs to be protected; identify threats to security and privacy of information assets; manage remediation of weaknesses.

Provide User Awareness, Training and Education - How to offer new employee training; ongoing user awareness; security staff education/certification.

Respond to Incidents - How to create an effective incident response plan; law enforcement notification; customer breach notification; forensics and preservation of evidence.

Other areas Pat will touch upon:

  • Plan for Security
  • Organize for Security
  • Establish and Enforce System Access Controls
  • Implement Configuration Management Process
  • Monitor Security Posture
  • Plan for Contingencies
