CyberSecurity: How Organizations are Governed?

All organizations have a structure and all organizations must make plans. They organize themselves in ways that make the most sense for the business that they perform and to meet the needs that they can identify. They also make plans using a defined process or else they build plans on the fly while operating the business. Well run organizations try to manage their governance processes and management structure through well-developed governance processes. They also must manage the strategic planning process to get the best results possible.

   

How governance and planning are elements of a well run moderate or large size organization?
Governance is the responsibility of the higher level executives to determine how an organization is structured and organized. Executives in the organization have to be involved in security strategy. They have to take responsibility for how strategy will be implemented and monitored in the organization as part of their oversight responsibilities. According to the Information Technology Governance Institute, security governance includes several concepts. These include accountabilities and methods undertaken by the board of directors and executive management to provide strategic direction, establish objectives, measure progress toward those objectives. Verify that risk management practices are appropriate and validate that the organization's assets are used appropriately.
The recommended approach seek to increase the recognition and responsibility of security through the concept of governance, all the way up to the board of directors and see level. Executives and the board of directors must ensure they understand the security and technology implications for their organization. They need to understand specifically, how information security objectives must be addressed by the highest levels of the organization management team in order to be effective and offer a sustained approach. Usually, the top security officers are responsible for policy, incident response, and auditing. And they work with the lower managers to implement compliance and handle training programs.

     

One of the key accountabilities of executives after governance is planning. Planning is the enumeration of a sequence of action steps intended to achieve specific goals and then controlling the implementation of these steps. Planning provides direction for the organization's future. Strategic planning is that disciplined effort to produce fundamental decisions and action that shape and guide what the organization is, what it does and why it does it. All with a focus on the future. Whenever you use the term strategy you're really talking about the end product, the plan. Strategic planning is the process. It's also the basis for our long-term direction which is our ultimate goal in a strategic planning process. We define what the organization is going to do to obtain a specific set of goals which we also have to define. Planning guides the organizational effort and focus resources on obtaining those goals. As President Eisenhower is credited for saying, plans are useless, but planning is invaluable. When it comes to strategy and strategic planning, everything starts at the top of the organization. Once the senior management has developed the top level strategies, those plans are broken down into tactical plans. And operational plans, designed to support those higher level plans. Organizations that seek to improve the cyber security of their operations must organize themselves by adapting sound governance practices and they must also optimize business operations with effective planning.

https://www.coursera.org/learn/business-of-cybersecurity-capstone/home/welcome