Over the past few years, external threats have increased significantly through the birth of hacktivism, a rise in Cyberwarfare activities, increases in computer theft, and spread of malicious software.  In the same span of time, we have experienced a boom in new technologies like social media, mobile devices, and cloud services.  Although these technologies provide great promise for reduced costs, increased productivity, and new business functionality, they also introduce serious vulnerabilities that must be mitigated.  All of these threats, and the security controls used to mitigate these threats, must be managed through an Information Security Management Program (ISMP); otherwise, the impact of security controls to the overall security posture of the organization may be diminished.  A good ISMP ensures the most optimum use of IT security resources (i.e., budget, personnel, effort, etc.).  An ISMP is essential for the protection of intellectual property, personal information, and other corporate assets.  It is a continuous process that requires close monitoring of ever-changing external and internal threats to the organization’s business goals and objectives. More