Residency Project Problem: Governance and Strategic Planning for Security
Strategic planning and corporate responsibility are best accomplished using an approach industry refers to as governance, risk management, and compliance (GRC). GRC seeks to integrate these three, previously separate responsibilities into one holistic approach that can provide sound executive-level strategic planning and management of the InfoSec function.
Governance is the set of responsibilities and practices exercised by the board and executive management with the goal of providing strategic direction, ensuring that objectives are achieved, ascertaining that risks are managed appropriately, and verifying that the enterprise's resources are used responsibly.
Strategic planning is the process of defining and specifying the long-term direction (strategy) to be taken by an organization, and the allocation and acquisition of resources needed to pursue this effort.
Prepare a 2 to 3 pages paper (not counting your title page and references page) that addresses the following:
o Indicate in detail, what is InfoSec Governance?
o Indicate in detail, what is the importance of building an information security strategic plan?
The response must include a reference list. Using one-inch margins, double-space, Times New Roman 12 pnt font and APA style of writing and citations.