The main philosophy running through the preceding paragraphs should be obvious: as a service and support organization, the IWC ISSO, the InfoSec organization staff, and the IWC CIAPP must include plans that support the business plans of the corporation.
The ISSO should be able to map each major business goal and objective of each plan to key security projects and functions. When writing the applicable InfoSec plans, the ISSO will also be able to see which functions are not being supported. That may or may not be a problem. However, the mapping will allow the ISSO to identify areas where required support to the business plans has not been identified in the ISSO's plans. The ISSO can then add tasks where increased CIAPP support is needed. A further benefit of following this procedure is that the ISSO can show management how the CIAPP is supporting the business. When mapping the security plans to the business plans, the ISSO should summarize the goals, as they will be easier to map.