Existing IT environment.
Implementing an IT scorecard.
Identifying organisational strategies.
Performing a risk assessment.
Creating a formal security policy.
The organization's strategies and objectives extend the IT strategy.
The business strategy is derived from an IT strategy.
IT governance is separate and distinct from the overall governance.
The IT strategy extends the organization's strategies and objectives.
Management of suppliers and partner risks.
A structure that facilitates the creation and sharing of business information.
Top management mediation between the imperatives of business and technology.
A knowledge base on customers, products, markets and processes is in place.
Security requirements are driven by enterprise requirements.
Institutionalized and commoditized solutions.
Baseline security following best practices.
An understanding of risk exposure.
Chief executive officer.
Board of directors.
IT steering committee.
Senior business management.
The chief security officer.
The chief information officer.
Quality assurance management.
Standards and guidelines.
Include a mix of members from different departments and staff levels.
Ensure that IS security policies and procedures have been executed properly.
Have formal terms of reference and maintain minutes of its meetings.
Be briefed about new trends and products at each meeting by a vendor.