Identify an appropriate information security (InfoSec) governance program for a company, using a quantitative risk assessment to justify the investment in the program and an executive summary to concisely present findings.
Using the case study company selected for the Topic 1 assignment, write a paper (1,250-1,500 words) that recommends and justifies a particular InfoSec governance to C-suite (executive-level) management.
Directions
Be sure to include the following:
Description of an InfoSec governance program appropriate for the selected company.
Recommend a governance program.
Describe the security strategy used.
Explain the risk management methodology.
Identify security policies.
Identify how ethics plays a role in the InfoSec governance program.
Explanation of a quantitative risk assessment justifying investments in information security. Include a cost-benefit analysis using the annual loss expectancy.