Skip to content

Security Program Justification (FTC v. Wyndham Worldwide Corp.)

Use this to justify the scope, resourcing, or structure of the security program; supports resource and organizational decisions.

Purpose

This justification explains why the scope and structure of the security program are necessary in response to FTC v. Wyndham Worldwide Corp., including capability gaps, risk reduction targets, and resource implications. It supports executive and board approval of sustained program maturity efforts.

Hallucinated writing examples

Scenario: In an illustrative period following the Third Circuit Wyndham decision and the stipulated injunction (time), the Chief Information Security Officer (role) prepares a security program justification (type) for Chief Executive Officer, Board Audit Committee (audience).

SECURITY PROGRAM JUSTIFICATION

To: Chief Executive Officer, Board Audit Committee
From: Chief Information Security Officer
Date: March 20, 2016
Subject: Security Program Scope, Structure, and Resource Request — Stipulated Order Execution

Program Mission and Context: Program mission is to maintain a comprehensive information security program capable of meeting stipulated-order obligations while reducing recurring franchise and payment-environment risk. Governance clarity and delivery capacity are essential for sustained compliance.

Scope and Current State: Scope includes franchise connectivity governance, privileged access controls, monitoring/retention, assessment remediation, and board reporting. Current-state capabilities exist but require additional consistency and operational depth across distributed property environments.

Gap Analysis and Recommendation: Gaps include fragmented visibility across franchise environments, aged assessment findings, and limited dedicated governance capacity. Options considered: (1) Recommended—add targeted resources for connectivity assurance, assessment closure, and governance reporting automation. (2) Minimal—no expansion; rejected due to order-compliance risk. (3) Full transformation program; not recommended this cycle. We request [X] FTE and [Y] budget with quarterly audit committee reporting.

Document-type guide: Security Program Justification

Writing tips: Writing best practices — Security Program Justification

© 2026 Yi Zhang. Licensed under the MIT License.
Last updated: 2026 April 17 9:37 AM