The key initiatives that you define take your strategy and define it down further to tasks that you want to implement to improve the overall security of your organization. You still want to follow all previous guidance ensuring that you are aligning these initiatives with the needs of your organization.

The following example initiative can be used as a template for your information security program:

• Initiative: Security policy, standards, and guidelines framework.
• Enables strategic goal: Information security guidance—facilitate the protection of information systems and data by providing IT security policies, procedures, and supporting guidance.
• Description: Develop, approve, and implement information security policies, standards, and guidelines based on the standard for information security. These policies establish organization-wide responsibility for information protection.
• Benefits: The following are the benefits:
  • Established information security baseline for the entire organization
  • Repeatable implementation of information security controls across the enterprise
  • Information security policy that is established based on business need