Explaining how to resolve immediate tactical needs, transform security needs into stategic goals, and put programs into operation with full lifecycle management, this informative guide enables both executive management and IT professionals to validate existing information security programs and build new business-driven security programs.