Welcome » IT Booklets » Information Security » IV Information Security Program Effectiveness
The information security program should be subject to periodic
review to ensure continual improvement in the program's
effectiveness. The review should address the program in the context
of the environment in which the program now operates, both within
the institution and outside. Lessons learned from experience, audit
findings, and other indicators of opportunities for improvement
should be identified and the program changed as appropriate.