#66: Cash in the Cyber Sheets - The Four Pillars of Your Information Security Program, Plan, Do, Check, Act
In this shorter solo episode of Cash in the Cyber Sheets, James breaks down the four core structures, often referred to as the Plan-Do-Check-Act (PDCA) cycle, that serve as the foundation of a successful information security program. While "pillars of security" might sound like something only a compliance consultant would get excited about (guilty as charged), the reality is that these four steps are what keep your program from feeling like an endless game of whack-a-mole.
We explore what it means to PLAN your program with intention, DO the actual work of implementation, CHECK to ensure controls are functioning as expected, and ACT on findings to continuously improve. This simple cycle is more than a framework. It is a way to create rhythm and repeatability so your security program does not collapse under the weight of its own policies.
James also shares why approaching your program through the PDCA lens makes managing security not only easier but more strategic. If you are pursuing a certification such as ISO 27001 or PCI DSS, or trying to align with frameworks like NIST or the FTC Safeguards Rule, applying this cycle ensures you are in a strong position when the auditors come knocking. Even if you are not certification-bound, PDCA gives you clarity. It helps you understand where you stand today, where you are falling short, and how to fix it without wasting resources.
By the end of this episode, you will walk away with a clearer picture of how to implement, manage, and review your security program in a way that feels less like chaos and more like controlled progress. Whether you are a business owner wearing the accidental CISO hat or an IT lead trying to get leadership buy-in, these four pillars can help you build confidence, streamline your efforts, and stay ahead of both threats and compliance headaches.
So grab your coffee (or something stronger... no judgment) and join James for a practical, no-fluff breakdown of why PDCA should be your new best friend in cybersecurity.