“If you spend more time on coffee than on IT security, you will be hacked. What’s more, you deserve to be hacked.” Richard Clarke, White House Cyber Security Advisor
#6. Integration. When all InfoSec processes work as intended from end to end.
#5. Measuring Performance. When all InfoSec processes are monitored and measured to make sure they achieve their goals.
#4. Optimized Resources. All InfoSec knowledge and infrastructure are being effectively used as designed.
#3. Delivered Value. When security investments support business goals.
#2. Managing Risk. Consciously deciding to act.
#1. Strategic Alignment. When InfoSec and business strategy align, three things are achieved:
- The enterprise defines what good strategy looks like.
- Security matches the company’s DNA, instead of trying to rewrite it.
- The amount of money spent on InfoSec reflects how important security is to the organization.