Information security
management and governance are not simply implemented tasks within
organizations. An information security governance program is a program that
must be thoroughly planned, include senior-level management involvement and
guidance, be implemented throughout the organization, and be updated and
maintained. The International Organization for Standards (ISO) and the
International Electrotechnical Commission (IEC) has created information
security governance standards. Review the information security governance
information provided by ISACA, located athttp://www.isaca.org/Knowledge-Center/Research/Documents/InfoSecGuidanceDirectorsExecMgt.pdf.
Write a 3-5 page paper
in which you:
1.
Define the information
security governance and management tasks that senior management needs to
address.
2.
Describe the outcomes
and the items that will be delivered to the organization through the
information security program.
3.
Develop a list of at
least five (5) best practices for implementing and managing an information
security governance program within an organization.
4.
Develop a checklist of
items that needs to be addressed by senior management, including priorities and
needed resources.
5.
Use at least three (3)
quality resources in this assignment. Note: Wikipedia and similar Websites do
not qualify as quality resources.
Your assignment must
follow these formatting requirements:
·
Be typed, double
spaced, using Times New Roman font (size 12), with one-inch margins on all
sides; references must follow APA or school-specific format. Check with your
professor for any additional instructions.
·
Include a cover page
containing the title of the assignment, the student’s name, the professor’s
name, the course title, and the date. The cover page and the reference page are
not included in the required page length.
The specific course
learning outcomes associated with this assignment are:
·
Examine the principles
requiring governance of information within organizations.
·
Use technology and
information resources to research legal issues in information security.
·
Write clearly and concisely
about information security legal issues and topics using proper writing
mechanics and technical style conventions
