Question
1. Please write a detailed paper on the creation of an information security blueprint. The paper should summarize the information via the management’s responsibility and perspective in shaping policy and include the five goals of information security governance.
a. Strategic alignment of information security with business strategy to support organizational objectives
b. Risk management by executing appropriate measures to manage and mitigate threats to information resources
c. Resource management by utilizing information security knowledge and infrastructure efficiently and effectively
d. Performance measurement by measuring, monitoring, and reporting information security governance metrics to ensure that organizational objectives are achieved
e. Value delivery by optimizing information security investments in support of organizational objectives
Explanation / Answer
Please see the below answers.
Answer:
a) Strategic alignment of information security with business strategy to support organizational objectives
Information security is required to protect business information and to guard secret data against outside interruption. To achieve organizational objectives, the organization needs to develop a strategic plan for security, which is a key element of the information security process and can be analyzed to identify the organization's dependence on security under business and environmental constraints such as threats and vulnerabilities.
The purpose of a strategic plan for security is to provide the information required to make decisions about market trends and business direction.
Strategic business objectives are the highest-level, or fundamental, objectives of the organization.
Information security is implemented to control and achieve business goals; a business lacking alignment with information security will damage the organization's effectiveness in achieving business goals with a proper information security perspective and objectives.
Strategic capabilities can include the enhancement of collaboration, virtual computing, or cloud computing techniques.
b) Risk management by executing appropriate measures to manage and mitigate threats to information resources
Risk management is necessary for the organization to achieve its goals:
(1) Information security for protecting and managing data that is stored, processed, and transmitted;
(2) Controlling well-informed risk management to meet the IT budget;
(3) Accrediting and supporting the IT systems through documentation management alongside risk management.
Risk management processes are required to balance operational and monetary control with protective measures and to make gains through secured IT systems in achieving business goals.
Risk management validates three processes:
Risk assessment
A process for identification and evaluation of risks with risk reduction strategy.
Risk mitigation
A process for prioritizing, implementing, and maintaining measures based on the risk assessment.
Evaluation and assessment
Organizing continual and sustainable evaluation of the process for flawless risk management.
c) Resource management by utilizing information security knowledge and infrastructure efficiently and effectively
Resource management: information security infrastructure is maintained efficiently and effectively.
Those are as follows:
• Information integrity and infrastructure maintenance.
• Protection of IT assets such as software and data.
• Prevention of and recovery from failures caused by bugs, hacking, and disasters.
• Ensuring that applications and technology solutions work as per the tasks assigned.
d) Performance measurement by measuring, monitoring, and reporting information security governance metrics to ensure that organizational objectives are achieved
Security activities manage resources at optimal business levels when strategic goals for information security are set; these goals are to be reached with risk management so that the organizational goal is achieved in a cost-effective manner.
The goals are:
• Automated, trusted transmission and flawless information exchange.
• Ensuring the required IT services.
• Minimizing interruption.
• Reducing security disruptions.
• Ensuring minimum strategic changes.
• Making cost-effective plans for handling risks.
e) Resource Optimization – Using Information security knowledge and infrastructure efficiently
• Ensuring collective knowledge of resource handling
• Documenting all processes
• Defining security procedures
f) Value delivery by optimizing information security investments in support of organizational objectives:
Value Delivery
Security investments in the business are to be optimized against the required objectives by achieving a proper return from the market on those security investments.
An information security program is required for managing market as well as organizational risk, with effective and secured information, for developing and maintaining an IT system:
1. Long-term data security
2. An effective and technically strong security plan
3. Proper security policies and procedures
4. Documentation and management of the business structure
5. Risk management plan
6. Security strategy