| Activity | Description |
|---|---|
| Analyze the Operating Environment | Conduct analysis to understand the organization’s variables within the political, industry, global, and organizational environments. |
| Create and Disseminate Policy | Create a comprehensive set of policies required to align information security controls and activities with business goals and objectives. |
| Define IS Requirements | Derive a set of information security requirements from policy and business goals and objectives to define a Target Security Environment for the organization. Define human resource requirements including roles and responsibilities. Define financial and budget requirements. |
| Develop Information Security Plan | A roadmap of action that utilizes defined resources to achieve the identified Target Security Environment. Develop a Risk Management Plan that defines processes for accepting, mitigating, or transferring risk. |
| Communicate with Constituents | Participate and exchange information with other business units within the enterprise. Develop a plan for communicating with executive management and all constituents. Define a plan for educating all constituents within the enterprise. |