"...outline a model IP security program promoted by the Information Systems Audit and Control Assn. (ISACA).An excellent, terse series of IT security job descriptions and qualifications guidelines is included." --Security Letter

Information Protection Function 1: Governance

Information Protection Function 2: Program Planning

Information Protection Function 3: Risk Management

Information Protection Function 4: Incident Response Management

Information Protection Function 5: Program Administration

Appendix A: Playbook Summary

Appendix B: Board of Directors Presentation

Appendix C: Information Protection Policies Checklist

Appendix D: An Example Roles and Responsibilities RACI Matrix

Appendix E: Risk Prioritization Procedure Matrix

Appendix F: Security Awareness and Training Menu

Appendix G: Risk Assessment and Compliance Checklist

Appendix H: Incident Response

Appendix I: Facility Management Self-Assessment

Appendix J: Roles in Information Protection

Appendix K: Measurement in Information Protection

Additional Resources

Greg Kane has held a director role for the Security Executive Council since 2006. In this role he is responsible for mitigating risk as it applies to IT systems and the extensive intellectual property assets contained within. He has been responsible for disaster recovery and business continuity for various organizations for over 20 years. His work experience also includes analysis of security-related regulations, standards, and guidelines in order to encourage efficient and value-added compliance management. Greg leverages his strong skills in research and analysis to write a monthly security newsletter published to an audience of over 10,000 security practitioners. Before joining the Security Executive Council, Greg provided services to multiple businesses from retail to high tech manufacturing. This included more than 10 successful years with a leading international business consulting services provider. Greg's educational background includes an MS degree in computer science and an MBA. Lorna Koppel has been the VP, chief information security officer (CISO) for Iron Mountain since January 2013. Her role is designed to bring focus to growing information security (IS) needs and to deliver an effective global IS program to protect Iron Mountain's proprietary and confidential information, customer information, and the technology infrastructure.

Her key responsibilities at Iron Mountain include overseeing IS governance, including global policies, standards, and the technology architecture strategy; assessing and managing IS compliance and assurance needs for Iron Mountain's customers; and overseeing the Computer Incident Response Center, technology risk assessments, and risk management processes.

Lorna has an extensive background in IS with over 20 years of experience in security and systems administration, risk analysis, and the implementation of high-profile global strategic initiatives. Throughout her career, she has worked closely with senior leaders and cross-functional teams to develop and execute strategic and tactical security programs, as well as develop strategies to address regulatory compliance mandates and other security-related requirements.

Prior to joining Iron Mountain, Lorna was the CISO for global consumer goods manufacturer Kohler, and director of global security at network service provider BT/Infonet Services Corp. She began her career as a meteorologist with the US Air Force and has degrees from Bowling Green State University, Penn State, and the State University of New York at Albany.

In November 2010 Lorna was recognized as one of the industry's "Most Influential People in Security” in the information technology/cyber security practitioners category by Security magazine.