All right, now here you can see a little chart, and I realize the writing's a little bit fuzzy. I took this off of ISACA's website, which is a great site that you can go to to get some information about management, information security management. And again, they are the ones that put out the Certified Information Security Manager,
the CISM, exam. So it's a great site,
and it's simply www.isaca.org, and that's I-S-A-C-A, isaca.org. So ultimately here, as we've been talking about security strategy, we've been talking about making sure we have strategic alignment with risk management, value delivery,
resource management and then integration. This is such a good chart, because what it shows is each level of management what their responsibility is in order to make sure that our security strategy
serves the organization as it should. So, of course, there are roles for the board of directors, and you'll notice if you go across looking at the board of directors and their responsibilities, every single one of these starts with the phrase "set direction for,"
right? That's the job of the board of directors, and that's really
the element of governance: setting the direction, setting the tone, setting the focus of the organization. They're not bogged down with the "how" part of it. They're much broader in nature, by saying this is ultimately the philosophy and the approach of our organization.
Right, then we come down to the senior executives. So these are the folks
with, you know, the chief executive officer, chief operating officer, and you'll see their job: making sure that processes for strategic alignment, institute processes to integrate security with the business, make sure roles and responsibilities look at risks. And as we move forward,
now, of course, the element that most concerns us is down at the bottom:
as a chief information security officer, how will I make sure that what we're doing supports that or is strategically aligned with the business? Well, I'm the one who's developing the strategy, so I have to make sure that our security program
fits in, and the way that I do that
is with meetings with the chief executive officer and operating officer, financial officer, and I find out what the needs and what the overall objectives are within the organization. And then I develop strategy, and I recommend policies to help achieve those goals.
So ultimately it's gonna be interacting
with the elements of the business and not just those chief officers, but also business unit managers as well.
All right, under risk management, I need to make sure that we're conducting risk management, that risk management is what's the foundation for our policies. I do assessments so that I can understand how certain risks or threats materializing will affect business units and try to determine
the likelihood and the impact of those risks.
When we move into value delivery, I've gotta monitor utilization and make sure the services that I'm providing, the mitigation strategies I have put in place, are working, and that they're working based on the costs that we output.
Performance measurement: make sure that I know what we're monitoring.
Have a hand in deciding what processes get monitored, how frequently. Not only do we monitor, but how frequently do we review the logs? What are the metrics we're setting, and what checkpoints along the way to determine: are we getting where we wanna be?
All right, resource management: making sure again that we're capturing information and that we're disseminating that information, and we base it on, again, cost-benefit analysis, and am I providing the value of service that I'd hoped to provide, and then ultimately
meeting with other business managers.
So not just based on metrics that I've determined. But now I want to meet with those business unit managers, and I want to find out what their feedback is, because ultimately those are my customers. These are the folks within my organization that I'm serving: the business unit managers and the work of the organization.
So this is a great chart. Quite honestly, I think this is one worth pausing the video for and taking a look, doing a screen capture, because I think this really
helps us understand where the CISO fits into the organization as a whole, and then what the other responsibilities are of other managing entities.