H. Security Strategy Development. Flashcards Preview

Flashcards in H. Security Strategy Development. Deck (9)
1
Q

What is a strategy?

A

A plan to achieve an objective

2
Q

What is the concept of strategy?

A

Understand where you are now and where you want to be. The strategy is the path to follow to get from where you are (current state) to where you want to be (strategic objective).

3
Q

What is an objective?

A

A desired future state for the organization’s security posture and level of risk.

4
Q

Strategic alignment - an objective of a strategy

A

The desired future state, and the strategy to get there, must be in alignment with the organization and its strategy and objectives.

5
Q

Effective risk management - an objective of a strategy

A

A security program must include a risk management policy, processes, and procedures. Without risk management, decisions are made blindly without regard to their consequences or level of risk.

6
Q

Value delivery - an objective of a strategy

A

The desired future state of a security program should include a focus for continual improvement and increasing efficiency.

7
Q

Resource optimization - an objective of a strategy

A

Strategic goals should efficiently utilize available resources.

8
Q

Performance measurement - an objective of a strategy

A

The ongoing security and security-related business operations should themselves be measurable,

9
Q

Assurance process integration - an objective of a strategy

A

An effective strategy would work to break down these silos and consolidate assurance processes, reducing hidden risks.