LOGBOOK

HELP

Quiz Entry - updated: 2026.07.05

What are the key steps to getting started with information security in an organization?

Start by getting management on board, then establish processes, define responsibilities, take a holistic view, and implement incrementally.

The five steps:

  1. Get management on board — Without executive sponsorship, nothing else works (resources, authority, priority)
  2. Establish an information security process — Make security an ongoing, managed activity rather than a one-time project
  3. Define responsibilities — Clearly assign who is accountable for what (CISO, data owners, system admins, etc.)
  4. Take a holistic view of security — Cover people, processes, AND technology — not just firewalls
  5. Implement step by step, continuously — Don't try to do everything at once; iterate and improve over time

Tip: This maps directly to establishing an ISMS (Information Security Management System) as described in ISO 27001. The iterative approach aligns with the PDCA (Plan-Do-Check-Act) cycle.

From Quiz: ISM / ISM Intro & Repetition | Updated: Jul 05, 2026