Information security governance requires involvement from stakeholders throughout the organization. Executives, business owners, technical experts, and legal experts assess, plan, and execute information security governance in the organization. To deal efficiently with information security governance, you will have to understand how it fits into the entire organizational structure.
To prepare for this Assignment, assume the role of computer security team leader in an organization that needs to mitigate a risk. You have been asked to design and test a process for assessing and mitigating risk in the organization but, before you do, you need to make sure you have the right people on your team.
Next, describe a particular type of risk that you think the organization is facing or may face in the near future. The risk should involve either the use of a new technology or a new administrative process.
You have complete authority to form your own team and identify any resources you would need to perform your job.
For this Assignment, write a 5-page paper aligning the security team with the overall organizational structure and outlining the responsibilities of the different stakeholders. Respond to the following in your paper:
- What is the risk that you identified?
- What are the skill sets you need on the team?
- How would you determine whether a prospective team member possesses the required skill sets?
- What critical items would you need to consider while forming the team, and why?
- How does the information security function of your team fit into the larger organizational structure?
- What are the roles and responsibilities (relevant to the risk management process) of the stakeholders who need to be involved in the entire process?
Clearly state any other assumptions you make for this scenario.