InfoSec Management

The main objective of Information Security Management is to implement appropriate measures that minimize or eliminate the impact that security-related threats and vulnerabilities could have on an organization. Several instruments support this work:

Capability Maturity Models identify the stages of development of an organization's security practice, from an immature, ad hoc state through several defined levels of maturity as the organization gains experience and knowledge. They serve as a baseline against which progress can be measured.

Capability Mapping Models describe what a business does to reach its objectives. They promote a strong relationship between the business model and the technical infrastructure that supports the business requirements, resulting in a view that both the business and IT can understand.

Roadmaps, in the form of security architectures, give the individual projects that serve individual business initiatives a common target architecture to follow, so that security decisions are made consistently rather than project by project.

Risk Portfolios (risk registers) are where identified risks are recorded, assigned an owner, monitored, and reported.

Dashboards for security management and risk management measure and report the effectiveness of the decisions taken, and help the organization make new decisions that maintain and improve that effectiveness.

Analysis of, and remediation plans for, residual risk (the risk that remains after controls have been applied) are also part of the overall risk management framework. Residual risk that is not remediated should be formally accepted by its owner rather than left implicit.