Creating a Culture of Security

posted 30 Dec 2009, 00:39 by Kanav Gupta
How to define the security program, adopt best practices, and assign roles and responsibilities. How to determine what needs to be protected, identify threats to the security and privacy of information assets, and manage remediation of weaknesses. How to offer new employee training, ongoing user awareness, and security staff education/certification. How to create an effective incident response plan, including law enforcement notification, customer breach notification, forensics and preservation of evidence.
  • Develop the Security Program and Policy. 
  • Manage Security Risks. 
  • Provide User Awareness, Training and Education. 
  • Respond to Incidents. 
  • Plan for Security. 
  • Organize for Security. 
  • Establish and Enforce System Access Controls. 
  • Implement Configuration Management Process. 
  • Monitor Security Posture. 
  • Plan for Contingencies. 