InfoSec Governance: What Success Looks Like

“If you spend more time on coffee than on IT security, you will be hacked.  What’s more, you deserve to be hacked.”

Richard Clarke, Whitehouse Cyber Security Advisor

Six Outcomes

#6.  Integration.  When all InfoSec processes work as intended from end to end.

#5.  Measuring Performance.  When all InfoSec processes are monitored and measured to make sure they acheive their goals.

#4.  Optomized Resources.  All InfoSec knowledge and infrastructure are being effectively used as designed.

#3.  Delivered Value.  When security investments support business goals.

#2.  Managing Risk.  Consciously deciding to act.

#1.  Strategic Alignment.  When InfoSec and business strategy align, creates three achievements:

  • The enterprise defines what good strategy looks like.
  • Security matches the company’s DNA, instead of trying to rewrite it.
  • The amount of money spent on InfoSec reflects how important security is to the organization.

\\ JMM

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.