The Challenge

You budget for, enable, and staff your organization’s information security program with people, technology, and visionary prowess. As you step back and observe, do you find yourself wondering: Does the business consider the program relevant? Is my security program effective? In a business environment where resources are limited, compliance requirements abound, and budgets are constantly challenged to meet cost containment targets, this article will explore a strategy to align information technology (IT), information security (IS) (note: one is not necessarily inclusive of the other – a topic for another article), system and data owners (SDO), a.k.a. your business units, and leadership.

The Opportunity

Aligning IT, IS, SDO, and leadership will strengthen information systems’ value and inherent information security situational awareness, an awareness I would argue is incorrectly shouldered by IT. When it comes to managing information assets to assure the confidentiality, integrity, and availability (CIA) of an organization’s systems and data, what roles are in play? Good question. Here are the primary ones found in any organization, with roles defined:

How can you effectively secure what you do not fully understand? Effectively securing an organization’s systems and data requires a clear understanding, outside of IT, of information systems value and risk. Components of a total information systems picture may include:

An effective communications strategy will strengthen information systems’ alignment between IT, IS, and the business. When an organization raises the level of awareness with the “total information systems picture”, a business process will take hold that facilitates system discussions leading to meaningful system decisions. While there can be many types of system decisions organizations must consider, a few examples may include:

The Plan

A strategy for enabling effective communications will look different from one organization to another. A communications strategy should consider an organization’s unique characteristics, culture, and climate. Activities that can contribute to enabling an effective communications strategy should include:

Planning, execution, and effective communications can produce meaningful results and aid in your information security program being experienced as relevant.
