Security professionals are besieged with maturity models and control frameworks and regulatory requirements, all in the name of protecting the organization. But do strong security programs actually reduce risk? How can they be tested? What are the key elements of a program? Participants will discuss these topics in search of tips and tactics for a successful program.