Review the CMM approach for setting security objectives, and the list of fifteen stated attributes and characteristics used to determine risk management objectives (p. 78). Based on your workplace/organization, develop a sample strategy for one area of Information Security Governance (listed below), following the 10 steps provided in chapter 11, p. 99.
Start by selecting the area and briefly describing it (0), then define the desired state (1), define the current state (2), perform a gap analysis (3) … develop a project and management plans (10). Mark the numbers.
*Follow the example that I provided in the chapter 11 slides posted in the discussion board; you should provide your sample strategy as a vertical bird’s eye view. For example, for step 9, “Design monitoring and metrics for controls”, suggest industry tools/methodologies for monitoring and metrics rather than developing actual metrics.
**Remember to determine the status by selecting the appropriate level of maturity: nonexistent, ad-hoc, repeatable but intuitive, defined process, managed and measurable, optimized (p. 59).
(*Clearly label each step rather than forming your answer in an essay style.)
Choose one area of Information Security Governance:
1. Access Control
2. User Identification
3. Password Management
4. Secure Communication
5. Secure Storage
6. Remote Access
7. Pre-Employment Screening
8. Personnel Separation
10. System Inventory
Review the 10 steps of the strategy development process noted in chapter 11, page 99.
6b.I In your opinion which step poses the most difficult challenge to an information security manager? Why? Provide an example to support your answer.
6b.II In your opinion which step poses the most difficult challenge to a senior manager? Why? Provide an example to support your answer.
Review your organization’s/workplace’s (or an organization that you are familiar with or previously worked for) Information Security Program manual for a policy about data management on personal devices.
6c.I Identify the policy and provide the text in quotation.
6c.II Analyze the policy’s and standard’s attributes, using adjectives in your answer similar to those noted in chapter 12 (i.e. meaningful, necessary, specific, consistent, clear, contiguous, proportionate, measurable, enforceable, acceptable, adaptable, etc.).
6c.III Suggest improvements or appropriate updates to the policy.