In order to stay healthy, we need to exercise regularly. To maintain our information security program's fitness, we need to exercise it as well.