Governance and Strategic Planning for Security

2. In information security, a specification of a model to be followed during the design, selection, and initial and ongoing implementation of all subsequent security controls, including InfoSec policies, security education and training programs, and technological controls.
3. The process of achieving objectives by appropriately applying a given set of resources.
4. The process of creating designs or schemes for future efforts or performance.
6. A high-level executive, such as a CIO or VP-IT, who will provide political support and influence for a specific project.
7. A formal approach to designing information security programs that follows the methodology of a traditional information systems development life cycle (SDLC), including a recursive set of phases such as investigation, analysis, logical design, physical design, implementation, and maintenance and change.
8. In some organizations, an alternate title for the CISO; in other organizations, the title most commonly assigned to the most senior manager or executive responsible for both information and physical security.
9. The senior technology officer responsible for aligning the strategic efforts of the organization and integrating them into action plans for the information systems or data-processing division of the organization.

1. The set of responsibilities and practices exercised by the board and executive management with the goal of providing strategic direction, ensuring that objectives are achieved, ascertaining that risks are managed appropriately, and verifying that the enterprise's resources are used responsibly.
5. The process of influencing others and gaining their willing cooperation to achieve an objective by providing purpose, direction, and motivation.
6. The individual responsible for the assessment, management, and implementation of information-protection activities in the organization. The CISO is typically considered the top information security officer in an organization.