Residency Project 3 – Governance and Strategic Planning for Security
Strategic planning and corporate responsibility are best accomplished using an approach industry refers to as governance, risk management, and compliance (GRC). GRC seeks to integrate these three, previously separate responsibilities into one holistic approach that can provide sound executive-level strategic planning and management of the InfoSec function.
Governance is the set of responsibilities and practices exercised by the board and executive management with the goal of providing strategic direction, ensuring that objectives are achieved, ascertaining that risks are managed appropriately, and verifying that the enterprise’s resources are used responsibly.
Strategic planning is the process of defining and specifying the long-term direction (strategy) to be taken by an organization, and the allocation and acquisition of resources needed to pursue this effort.
For this project, using https://www.sciencedirect.com/topics/computer-science/security-governanceLinks to an external site. and https://securityintelligence.com/the-importance-of-building-an-information-security-strategic-plan/Links to an external site. , prepare a 2-3 page paper (not counting your title page and references page) that addresses the following:
(a) Indicate in detail, what is InfoSec Governance?
(b) Indicate in detail, what is the importance of building an information security strategic plan?