A CISO entering a new organization faces the challenge of assessing and creating/modifying a security program based on the current and future states of the company’s mission. Creating an information security program for an organization is not easy; each program needs tailoring to implement the organization’s mission. While programs might have similarities at the macro level, customizing at the micro level is bespoke to each company.

Let’s start with dissecting a potential approach the CISO can use. Understanding the key stakeholders (people), the processes that drive and support the organization, and the technology needed to deliver that mission. Understanding the key stakeholders goes beyond just those responsible for the security program; it also includes those that a CISO will support to ensure that she can help enable the business mission. In collaborating with those stakeholders, she will understand the parts of the business mission they support, the current pain points each might…