How can governance policies and principles be used to inform strategic decisions being made by business organizations and their IT security management professionals?

Information Security and IT Risk Management
Begin by providing a brief critical analysis of this week’s reading, “The Role of Information Security and Its Relationship to Information Technology Risk Management.” Share insights you gained and additional questions that were raised. Discuss areas where you agree and disagree with the conclusions presented.

Risk Management
Based on scholarly and relevant practitioner literature, analyze guidelines and policies for From your reading, research, and experience, consider how to define risk management with respect to information security. Examine whether risk management enhances or hinders business objectives and how much security is required for a business to operate securely. How can governance policies and principles be used to inform strategic decisions being made by business organizations and their IT security management professionals?
Illustrate your position with examples, and provide support for your position from relevant sources. Consider opportunities where additional scholarly support could further this discussion.

Readings
Use your text to complete the following:
• Read Reading 2, Pipkin’s “Linking Business Objectives and Security Objectives,” pages 8–16. As you read this article, consider the factors that cause security and business objectives to be in conflict, as well as opportunities for creating a stronger alignment between them in your own organization.
Research
In preparation for this unit’s discussions and to further explore the topic areas, complete research of scholarly and relevant practitioner literature or case studies in the following areas. Read the discussion topic instructions for further details.
• Security governance and program management—how the two are meeting corporate or business objectives without hindering the business.
• Aligning IT strategy with business strategy.
• Security program management, particularly as it applies to the strategic decision-making options available to organizations for defining guidelines, policies, strategies, and approaches to managing information security.
Reference:
Whitman, M. E., & Mattord, H. J. (2009). Readings and Cases in the Management of Information Security. Boston, Massachusetts:
