In this chapter, we covered introductory topics on implementing an effective information security program. We discussed the following:

• Information security challenges faced by the organization and the information security program
• The evolution of cybercrime over time and its impact
• The role of information security in the organization
• The concept of confidentiality, integrity, and availability
• An introduction to information security assessments
• An introduction to risk management
• The roles of information security standards and training
• How awareness and training benefit the organization

In the next chapter, we will define the threat landscape. We will be discussing the people, processes, and technologies that need to be defended against to ensure your organization's continued security.