Management and Cyber security
CyberSheath International (2017). Tips for Writing Your System Security Plan
Building-out an information security program can be challenging on many levels. From aligning strategic and tactical initiatives with organizational objectives to developing a policy framework that can be successfully socialized and enforced, the job of a leader in this challenging space often requires several key competencies:
- The ability to understand an organization's mission and what drives its business
- The ability to understand the competitive and macro forces against an organization, and align the associated risks with an Information Systems Security Plan (ISSP)
- The ability to partner with stakeholders and articulate the risks related to information security in a manner that places them in alignment with organizational risks
- The ability to establish a shared-vision for an information security program that inspires others to act
- The ability to understand the culture of an organization and effect change in a way that drives down risk and increases overall security posture
- The ethical wherewithal to ensure all aspects of an information security program are led and managed in a way that represents the best interests of an organization and its stakeholders
