Resources will be consumed both by the security mechanisms
               themselves and by the security governance processes. Obviously,

               security mechanisms should consume as few resources as possible and
               impact the productivity or throughput of a system at as low a level as
               feasible. However, every hardware and software countermeasure as
               well as every policy and procedure users must follow will consume
               resources. Being aware of and evaluating resource consumption before
               and after countermeasure selection, deployment, and tuning is an
               important part of security governance and managing the security

               function.

               Managing the security function includes the development and
               implementation of information security strategies. Most of the content
               of the CISSP exam, and hence this book, addresses the various aspects
               of development and implementation of information security strategies.