CISM: Business Goals and Objectives

From Glitchdata

Governance Objectives

Governance business goals are:

  • Align with Business Strategy (first)
  • Align with IT Strategic Plan
  • Regulatory requirements
    • Local requirements
    • Legal requirements
  • Reduce governance costs (secondary)

Risk Objectives

  • Improve Risk Management (main)
    • Using appropriate measures to reduce risk and potential impacts on information
    • Understanding the threats and vulnerabilities
    • Knowing the risk exposure and consequences of compromise
    • Awareness of risk management priorities
    • Risk acceptance / deference based on an understanding of the consequences of residual risk

Compliance Objectives

  • Harmonise security activities
    • Convergence of security activities would be an element of GRC