Information security (InfoSec) governance program

Identify an appropriate information security (InfoSec) governance program for a company, using a quantitative risk assessment to justify the investment in the program and an executive summary to concisely present findings. Using the case study company selected for the Topic 1 assignment, write a paper (1,250-1,500 words) that recommends and justifies a particular InfoSec governance to C-suite (executive-level) management. Directions Be sure to include the following: Description of an InfoSec governance program appropriate for the selected company. Recommend a governance program. Describe the security strategy used. Explain the risk management methodology. Identify security policies. Identify how ethics plays a role in the InfoSec governance program. Explanation of a quantitative risk assessment justifying investments in information security. Include a cost-benefit analysis using the annual loss expectancy.