CISM: Business Goals and Objectives

Governance Objectives

Governance business goals are:

• Aligned with Business Strategy (first)
• Align with IT Strategic Plan
• Regulatory requirements
  • Local requirements
  • Legal requirements
• Reduce governance costs (secondary)

Risk Objectives

• Improve Risk Management (main)
  • using appropriate measure to reduce risk, and potential impacts on information
  • Understand the threats, and vulnerabilities
  • Knowing the risk exposure and consequences of compromise
  • Awareness of risk management priorities
  • Risk acceptance / conference based on understanding of consequences of residual risk.

Compliance Objectives

• Harmonise security activities
  • Convergence of security activities would be an element of GRC