Building a strong foundation is key to creating a first-class information security program. The author describes six characteristics that are imperative to building a strong foundation for the security program. The first characteristic, alignment, involves aligning the digital security program with the organization’s business practices and objectives. Enterprise-wide application, the second characteristic, is crucial in order to avoid the pitfalls of a unit-by-unit information security program. The third characteristic involves continuous development and improvement of the program, and the fourth characteristic is a proactive approach to mitigating risk. Validation by a third-party analyst is the fifth characteristic, while a strict adherence to a formal management style is the sixth characteristic of a solid information security management program.