Question:
Please describe thoughts on this - with 300 words
An organization's information security program is designed to secure and protect critical assets within the organization. Organization leadership and security experts should have a clear understanding of the laws, regulatory, and compliance requirements. An information security professional should not have a false preconception of the legal systems that an organization can be subjected to (Tipton 2009). Organizations are operating within a global economy where numerous international trade agreements and regulatory compliances are established to enhance and encourage trade and a free-market economy. An organization's security program should have controls to protect the organization's intellectual property, such as patents, copyrights, trademarks, and trade secrets. Technology is constantly improving, and threat actors are researching and developing new tactics and techniques to evade and bypass organization security controls. The control mechanisms that organizations implement within the security program should be developed around the following three principles: Confidentiality, Integrity, and Availability (CIA). This is commonly known as the CIA Triad. Confidentiality is based on the principle of least privilege, which means that a user of an information system should only have enough privilege to complete an assigned and approved task based on the organization's security policy. Integrity ensures that the data created, stored, or transmitted by the information system is not tampered with or altered. Availability ensures that the information system is readily accessible and operational for members of the organization.
