GOVERNANCE AND STRATEGIC PLANNING FOR SECURITY - Coggle Diagram
GOVERNANCE AND STRATEGIC PLANNING FOR SECURITY
Role of planning
precursors of planning
to implement effective planning
organizational planning include
mission statement
explicitly declares the business of the organization and its intended areas of operations
vision statement
idealistic expression of what the organization wants to become
values statement
establishes a formal set of organizational principles and qualities
Strategic Planning
process of defining and specifying the long-term direction to be taken by an organization
Planning levels
strategic plans are used to create tactical plans, which are in turn used to develop operational plans.
tactical planning
has a more short-term focus than strategic planning
Operational planning
used by managers and employees to organize the ongoing, day-to-day performance of tasks
basic components of a typical strategic plan
executive summary
mission, vision and values statements
Organizational profile and history
Strategic issues and challenges
Tips for Planning
Work from an overarching plan that has been developed with the input from key stakeholders
use processes that fit the organization's culture
Endeavor to bring a sense of logical analysis of the objectives and what has been accomplished
make planning a process that engages all involved to work toward the common objectives
INFORMATION SECURITY GOVERNANCE
Set of responsibilities and practices exercised by the board and executive management with the goal of providing strategic direction.
ITGI Approach to Information Security Governance
includes the accountabilities and methods undertaken by the board of directors and executive management.
NACD InfoSec Governance: Board of Directors Essential Practices
place infosec on the board agenda
Ensure the effectiveness of the corporation's infosec policy through review and approval
identify infosec leaders, hold them accountable, and ensure support for them
Assign infosec to a key committee and ensure adequate support for that committee
Benefits of information security Governance
optimization of the allocation of limited security resources
Assurance of effective infosec policy and policy compliance
an increase in share value for the organization
security convergence
the convergence of security-related governance in organizations has been observed since the broad deployment of information systems began in the 1970s and 1980s
Benefits of security convergence
significantly lower cost
use existing servers to make the decisions
use existing IT infrastructure to keep the system running
save significant hardware money to spend on other security measures
Planning for Information Security Implementation
The CIO and CISO play important roles in translating overall strategic planning into tactical and operational information security plans
Investigation in the SecSDLC
often begins as a directive from management specifying the process, outcomes, and goals of the project and its budget
Analysis in the SecSDLC
includes an analysis of relevant legal issues that could affect the design of the security solution
Implementation in the SecSDLC
the security solutions are acquired, tested, implemented, and retested
InfoSec Project Team
Should consist of individuals experienced in one or multiple technical and nontechnical areas
Staffing the InfoSec Function
The InfoSec community of interest plans for the proper staffing of the information security function
the organization must decide how to position and name the security functions
The IT community of interest must understand the impact of information security across every role in IT
InfoSec Professionals
Security Managers
Data Owners
Chief Information Officer (CIO)