10.4. Create Protection Strategy
Information security affects the entire organization. It is ultimately a business problem whose solution involves more than the deployment of information technology. Solution strategies need to balance the organization's long- and short-term needs by incorporating both strategic and tactical (or operational) views of risk. An organization can take strategic actions focused on organizational improvement (by implementing a protection strategy) as well as operational actions focused on protecting their critical assets (by implementing risk mitigation plans). In this activity you develop a protection strategy for organizational improvement, addressing the strategic view of risk.
Protection Strategy
Get Managing Information Security Risks: The OCTAVESM Approach now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
