Information Security Program Objectives
The security manager should understand the following objectives of the security program while implementing it:
- Providing maximum support to business functions
- Minimizing operational disruptions
- Implementing the strategy in the most cost-effective manner
After establishing the objectives, key goal indicators (KGIs) that reflect these objectives should be developed. After developing the KGIs, the next step is to determine the current state of security. The current state is compared with the established objectives, and any gaps identified are addressed to improve the security processes.
Key Aspects from the CISM Exam Perspective
The following are some key aspects from the exam perspective:
| Question | Possible Answer |
| --- | --- |
| A security policy should be closely aligned with: | Organizational needs ... |