Developing the Corporate Strategy for Information Security Research Paper

Developing the Corporate Strategy for Information Security - Research Paper Example Example: Implementation of this function in the organization can be done through the utilization of risk assessment tools in order to depict potential risks to information security. Management of the Risk Another vital function of CISO is managing the risks, which are interrelated with the functions of continuous assessment. Based on the results of the assessment, the officer is liable to develop strategies and plans in order to mitigate these threats (Whitman & Mattord, 2010; Homeland Security, 2007). Example: In an organization, this function can be accommodated by determining risk management strategies, having continuous monitoring of the organizational processes. Implementation of Designed Program Another vital function of CISO calls for proper implementation of the designed programs to ensure that the organizational strategies are applied in an ethical and hazard-free manner. This function of the officer is quite vital, as efficiency of the other functions tend to be highly depe nded on its proper execution (Whitman & Mattord, 2010; Homeland Security, 2007). Example: For the effective execution of this function, the CISO would need to utilize management techniques so that successful implementation of the organizational strategies can be assured. b. ... the competency to manage a control plan restricting inappropriate access to information that may hamper organizational interests either directly or indirectly (EC-Council, 2013; Homeland Security, 2007). Physical Security In accordance to this competency, CISO will need to be familiar with the standards, policies and laws associated with physical security. In this regard, it would also be vital for the CISO to determine the importance of such physical assets for any organization. Owing to this understanding, CISO will be able to gain the competency to manage and develop a coherent plan to ensure the overall information security within the organization (EC-Council, 2013; Homeland Security, 2007). Risk Management Mitigation as well as proper treatment of the threats being identified, is among the core competencies of CISO. In this regard, CISO should also need to be aware about the various resources that would be required towards determining proper risk management plan for the potentia l threats. It would be worth mentioning in this regard that successful mitigation of risk is directly dependent on this competency of CISO (EC-Council, 2013; Homeland Security, 2007). 2. The Chief Information Officer (CIO)’s functions within an organization a. Four (4) functions of CIO Manage A major function of a CIO is to determine the risks associated with information security of an organization. This can be done on the basis of facilitated understanding of policies and regulatory norms, related to managing the information. These functions will also include managing the strategic plans as well as programs associated with the information technology practiced within an organization (United States Dept. of Homeland Security, 2011; Homeland Security, 2007). Example: This function of a CIO