Module 2 Discussion
Why is it important to treat security not as a "point in time" measurement? If you had to explain the importance of investing in security in a long-term strategy to a CEO or CFO, how would you counter the "point in time" argument?
What would an effective security policy look like to you? Describe its key elements. Find a policy either from your organization or from UAB (UAB IT has a database full of policies) and choose one that you think best reflects what you believe would be effective. Don't forget to explain why you picked it!
Visit the ISO website (http://www.iso.org) to find out how ISO standards are developed. What did you learn? Why do you think security professionals continually review these standards when designing their own?
What does governance mean to you? Make sure you use plain language and include an example!
What does strategic alignment mean? How does it work from the perspective of business, IT, and Information Security?
Ideally, who is involved in designing and maintaining a secure organizational environment? Who are the key stakeholders?