Select an organization that you would like to develop an IT governance strategy for, using ISO 27001, Information Security Management System (ISMS). You can find ISMS on the Internet or in this unit’s reading. The organization should be one you are familiar with from having worked there.
In your paper, include the following:
- Define and discuss the ISO 27001 Information Security Management System in terms of the Deming Cycle of continuous improvement of Plan-Do-Check-Act (PDCA)
- Brief description of the organization and type of business engaged in.
- High level information security policy that defines management’s overall objective for information security as it relates to business requirements and relevant laws and regulations.
- Information security direction for the organization
- Information security objectives for the organization
- Information on how the organization will meet contractual, legal, and regulatory requirements
- A statement of commitment to continuous improvement of the ISMS.
- High level risk assessment (for purposes of this paper, discuss the top 3-4 risks only)
- Define a risk management framework that will be used
- Identify risks and describe the risk
- Analyze and evaluate the risks in terms of severity and impact
- Statement of Applicability
- Identify selected controls to address identified risks (again only the top 3-4 risks)
- Explanation of why these controls were selected
- Conclusion paragraph
This is a short version of an IT governance strategy but will provide a good understanding of the elements that must be included for this ISO 27001 ISMS.
- 4-5 pages of content (exclusive of cover sheet and references page), using Times New Roman font style, 12pt, double-spaced, using correct APA formatting, and include a cover sheet, table of contents, abstract, and reference page(s)
- At least 1 credible source cited and referenced
- No more than 1 table or figure
- No spelling errors
- No grammar errors
- No APA errors