Speaker: Abu Sadeq
In a typical organization, the CEO has a list of business goals and objectives that trickle down through the chain of leadership. Information security supports the business in achieving these objectives. To begin developing a strategic plan for security, it is essential to understand the business objectives and the key elements of the information security function. Business objectives can be analyzed to identify dependencies on security. The security objectives can then be defined in terms of the business objectives. Weaknesses in information security can jeopardize an organization’s mission, threaten its profitability, and invite fines and penalties from regulatory bodies. As IT leaders, we need a clear vision for security, the ability to communicate its relevance, and the managerial discipline to deliver its full value. A more effective means of managing the impact that IT risk can have on the business involves taking a holistic approach.