Organizations that you work for will often apply an IT governance framework such as COBIT or ISO 27001, or one of the others that are available. These frameworks

IT591-1: Develop an IT governance strategy for an organization.

Purpose

Organizations that you work for will often apply an IT governance framework such as COBIT or ISO 27001, or one of the others that are available. These frameworks provide guidelines for IT governance in the organization and offer guidelines for building a governance system. In this unit, you will apply the ISO 27001 Information Security Management System (ISMS) framework to begin outlining a governance strategy for an organization.

Assignment Instructions

Select an organization that you would like to develop an IT governance strategy for, using ISO 27001, Information Security Management System (ISMS). You can find ISMS on the Internet or in this unit’s reading. The organization should be one you are familiar with from having worked there.

In your paper, include the following:

Define and discuss the ISO 27001 Information Security Management System in terms of the Deming Cycle of continuous improvement of Plan-Do-Check-Act (PDCA)Brief description of the organization and type of business engaged in.High-level information security policy that defines management’s overall objective for information security as it relates to business requirements and relevant laws and regulations.Information security direction for the organizationInformation security objectives for the organizationInformation on how the organization will meet contractual, legal, and regulatory requirementsA statement of commitment to continuous improvement of the ISMS.High-level risk assessment (for purposes of this paper, discuss the top 3–4 risks only)Define a risk management framework that will be usedIdentify risks and describe the riskAnalyze and evaluate the risks in terms of severity and impactStatement of ApplicabilityIdentify selected controls to address identified risks (again only the top 3–4 risks)Explanation of why these controls were selectedConclusion paragraph

This is a short version of an IT governance strategy but will provide a good understanding of the elements that must be included for this ISO 27001 ISMS.

Assignment Requirements

4–5 pages of content (exclusive of cover sheet and references page), using Times New Roman font style, 12 point, double-spaced, using correct APA formatting, and include a cover sheet, table of contents, abstract, and reference page(s)At least 1 credible source cited and referencedNo more than 1 table or figureNo spelling errorsNo grammar errorsNo APA errors