Need help with a question
Assignment Content
As the newly hired chief information security officer (CISO), you are tasked with developing the Best Care Community (BCC) hospital’s information security program. There is no information security program in place, and your first task is to create the enterprise information security strategy that encompasses the company’s mission, goals, and objectives, as well as appropriately reflects the risk tolerance and risk appetite of the company as a whole.
Review the Best Care Community Profile for Development of the Information Security Program to become familiar with the mission of the hospital.
This week you will complete the first steps of the initiative to develop the BCC enterprise information security strategy.
Part 1
Create a 14- to 16-slide Microsoft® PowerPoint® informative presentation for the BCC leadership in which you:
· Describe the three phases of strategic planning.
· Diagram the three strategic planning phases with each of the five information security tasks as outlined in the BCC profile, mapping each to its respective strategic planning phase.
· Describe the balanced scorecard domains.
· Map the BCC business objectives into the appropriate balanced scorecard domains.
· Recommend a prioritized list of BCC information security objectives mapped to the business objectives.
· Map the BCC information security objectives into the appropriate balanced scorecard domains in a matrix format that depicts the objectives and initiatives.
Include a title slide.
Note: There will be two balanced scorecard sets: one for the business objectives and one for the information security objectives. The BCC BSC Scorecard Template provides a template for the scorecards in each domain. You will need to duplicate and label the scorecard slides in the template to create two sets of balanced scorecards, as well as add appropriate slides for the additional required content.
Part 2
Write a 2- to 3-page report that recommends one of the enterprise control frameworks. Your report should:
· Describe your chosen enterprise architecture framework.
· Determine how the business objectives correspond to the information security strategic objectives.
· Explain how the enterprise architecture framework can be used to achieve business and information security alignment.