Software Engineering Institute

This article elaborates the description of an enterprise security program (ESP) discussed in Article 2: Defining an Effective Enterprise Security Program. It closely examines the governance elements of an ESP, including who is involved, their roles and responsibilities, governance activities required to implement an ESP, and a description of these activities.