From the course: Certified Information Security Manager (CISM) Cert Prep (2022): 1 Information Security Governance

Aligning security with the business

- [Instructor] Security professionals must always remember that they perform a supporting service to the organization. While security is extremely important, it's not the reason that the business exists. Every organization has its own mission, and security is one of many tools that help the organization achieve that mission. Security leaders should think of themselves as wearing two different hats. Certainly, they are the subject matter experts in the organization on issues of confidentiality, integrity and availability. The organization will look to them for leadership and the protection of information assets, response to security incidents and other typical security functions. At the same time, security leaders must also be business leaders who understand the primary mission of the organization, including both its strategic and tactical objectives. They must understand the short-term and long-term goals of the…
