Description
When planning an InfoSec program, an organization is expected to specify for employees their behavior toward security and the security of the organization. The major stakeholders involved in the planning of InfoSec may differ depending on the type and size of the organization. Assuming you were to develop a new InfoSec program for your organization or one you are familiar with, discuss the major stakeholders that may be involved in this planning and the reasons why these stakeholders should be involved. Determine if these stakeholders would also be involved in IT strategic planning. How would these roles overlap between InfoSec strategic planning and IT strategic planning? After posting your initial response, please respond to two of your peers by the end of the module week.
Required Course Materials
Title: Management of Information Security
ISBN: 978-1337405713 Paperback
ISBN2: 978-137671545 eBook
Authors: Michael E. Whitman, Herbert J. Mattord
Publisher: Cengage Learning
Publication Date: 2019
Edition: 6th
Format: Textbook
Chapter 3 discusses specific processes involved in planning for InfoSec as aligned to the organization’s strategic plan. Governance and strategic planning for long-term viability of the InfoSec program is explained in detail. Chapter 4 defines information security policy and the central role in a successful information security program. Major types of information security policies and the major components of them are described as well as the process of developing, implementing, and maintaining various types of information security policies.
Read the following from your textbook:
Chapter 3 – Governance and Strategic Planning for Security
Chapter 3 Presentation (PPTX)<a href="https://erau.instructure.com/courses/129311/files/26471626/download?download_frd=1" title=" download“> Chapter 4 Presentation (PPTX)<a href="https://erau.instructure.com/courses/129311/files/26471631/download?download_frd=1" title=" “>