Mature and Cost-Effective Alignment of Information Security Programs to Strategic Business Objectives
I recently did a webinar for the Society for Information Management’s (SIM) Cybersecurity SIG group on the topic of ‘Mature and Cost-Effective Alignment of Information Security Programs to Strategic Business Objectives’. The recording of the webinar can be found here.
Here’s the abstract of the discussion:
In a typical organization, the CEO has a list of business goals and objectives that trickle down through the chain of leadership. Information security supports the business in achieving these objectives. To begin the development of a strategic plan for security, it is essential to understand the business objectives and the key elements of the information security function. Business objectives can be analyzed to identify dependencies on security. The security objectives can then be defined in terms of the business objectives. Weaknesses in information security can jeopardize an organization’s mission, threaten its profitability, and invite fines and penalties from regulatory bodies. As IT leaders, we need a clear vision for security, the ability to communicate its relevance, and the managerial discipline to deliver its full value. A more effective means of managing the impact that IT risk can have on the business involves taking a holistic approach.