Organizations that you work for will often apply an IT governance framework such as COBIT or ISO 27001, or one of the others that are available. These frameworks provide guidelines for IT governance in the organization and offer guidelines for building a governance system. In this unit, you will apply the ISO 27001 Information Security Management System (ISMS) framework to begin outlining a governance strategy for an organization.
Select an organization that you would like to develop an IT governance strategy for, using ISO 27001, Information Security Management System (ISMS). You can find ISMS on the Internet or in this unit’s reading. The organization should be one you are familiar with from having worked there.
In your paper, include the following:
Define and discuss the ISO 27001 Information Security Management System in terms of the Deming Cycle of continuous improvement of Plan-Do-Check-Act (PDCA)
Brief description of the organization and type of business engaged in.
High-level information security policy that defines management’s overall objective for information security as it relates to business requirements and relevant laws and regulations.
Information security direction for the organization
Information security objectives for the organization
Information on how the organization will meet contractual, legal, and regulatory requirements
A statement of commitment to continuous improvement of the ISMS.
High-level risk assessment (for purposes of this paper, discuss the top 3–4 risks only)
Define a risk management framework that will be used
Identify risks and describe the risk
Analyze and evaluate the risks in terms of severity and impact
Statement of Applicability
The post Develop an IT governance strategy for an organization. first appeared on COMPLIANT PAPERS.