CISM Domain 1

Standard

Policy

Guideline

Procedure

Strategic Alignment

Value Delivery

Accountability

Performance Measurement

Project timeline

Technical specifications

Cost benefit analysis

Stakeholder engagement

Cultural differences

Technological advancements

Employee training programs

Marketing strategies

Shareholders

Board of Directors

Chief Financial Officer

Senior management team

No exceptions are allowed.

Create a rigid framework without flexibility

Provide a mechanism for exceptions.

Delegate exception approvals to external entities.

Achieving maximum performance

Creating a high-level conceptual security architecture

Simultaneously establishing outcomes and objectives

Aligning with enterprise architecture and managing risk to an acceptable level

Consensus from all stakeholders is essential for the proposed policy.

The policy should align with standard corporate policy approval procedures.

Policies should mirror the leadership tone set by senior business executives

Cybersecurity managers typically handle the communication and implementation of approved security policies.

Hiring of overqualified individuals

Continuous education programs tailored to enterprise needs

Strict enforcement of security policies without exception

Independent development of security skills by individual employees

Assessing the historical occurrences of specific threats

Calculating the probable annual loss expectancy

Evaluating the acceptability of rare threats

Determining the likelihood and probable magnitude of threats