CISM Day1

Technical

Regulatory

Privacy

Business

establish security metrics and performance monitoring

educate business process owners regarding their duties

ensure that legal and regulatory requirements are met.

support the business objectives of the organization

a formal security policy sponsored by the chief executive officer (CEO).

regular security awareness training for employees.

periodic review of alignment with business management goals.

senior management signoff on the information security strategy

Interviewing candidates for information security specialist positions

Developing content for security awareness programs

Prioritizing information security initiatives

Approving access to critical financial systems

Technical platform interfaces

Scalability of the network

Development methodologies

Stakeholder requirements

Number of employees

Distance between physical locations

Complexity of organizational structure

Organizational budget

prepare a security budget.

conduct a risk assessment.

develop an information security policy.

obtain benchmarking information.

business dependency assessment.

strategic alignment.

risk assessment.

planning.

Give organization standards preference over local regulations

Follow local regulations only

Make the organization aware of those standards where local regulations causes conflicts

Negotiate a local version of the organization standards

Senior management

Security manager

Quality manager

Legal department