Developing an Information Security and Risk Management Strategy

by Interop

Aug 27, 2010

Learn how to develop a multi-phased information security and risk management (ISRM) strategy from John P. Pironti, CISA, CISM, CGEIT, CISSP, ISSAP, ISSMP, president of IP Architects LLC and security conference track chair at Interop. An ISRM strategy provides a road map for information and information infrastructure protection with goals and objectives that ensure capabilities provided are aligned to business goals and the organization's risk profile. Traditionally, ISRM has been treated as an IT function and included in an organization's IT strategic planning. As ISRM has evolved into a more critical element of business support activities, it now requires its own independent strategy to ensure its ability to appropriately support business goals and to mature and evolve effectively. A multi-phased approach to developing an ISRM strategy is often most effective and provides recognizable results and value to an organization. The five phases discussed are: 1) Business Awareness, 2) Strategy Definition, 3) Strategy Development, 4) Metrics and Benchmarking, and 5) Implementation and Operation.