Information Security today is Governed by Regulations, Standards, Guidelines and Industry Best Practices. They provide for frameworks, methodologies and approaches to attain Information Security baselines. Compliance to any of them is just meeting these baselines, but there is more to be done over and above the compliance. Compliance achievement is something that holds importance with the industry, but more is to the Management of Sustenance with increased maturity of the Information Security Program and the overall Information Security Posture. Any Security Program aimed at Compliance does not reflect in the organizational effectiveness as the program that is driven by the Top Management and that precipitates to the Grass Root Level.
An efficient Information Security Program brings in paradigm shift in organizational work culture, infusing the Business Process Reengineering to imbibe Security Practice as the Core of Business Operations.