Question 1:
To accomplish effective information security governance, management should establish and maintain a framework to guide the development and maintenance of comprehensive information security programme. What does the governance framework generally comprise? Also draw up the Conceptual Framework.
Question 2:
The best entire indicator of information security activities in alignment with business (or organisational) objectives is development of an information security strategy which defines information security objectives in business terms and ensures the objectives are directly articulated from planning through implementation of policies, processes, procedures, standards and technology. What can the Indicators of alignment comprise?
Question 3:
Risk management is ultimate objective of all information security activities and, indeed, all organisational assurance efforts. While risk management effectiveness isn’t subject to direct measurement, there are indicators that correlate well with a successful approach. A successful risk management programme can be stated as one that efficiently, effectively and consistently meets expectations and attains defined objectives.
What would be some of the Indicators of proper risk management?
Question 4:
For most organisations, a variety of specific near-term tactical goals which align with the entire information security strategy can be stated readily. If the objectives of the security strategy ultimately require compliance with defined portions of ISO/IEC 27002. Provide an example of a near-term action (or tactical) plan may state, for the first 12 months.