Mission and Vision
- An organization does not exist for no reason. It is founded for purposes and tasked with missions. Its vision, coined by its leaders, motivates the people who conduct activities directed by objectives and measured against metrics and indicators, in order to create value, achieve (strategic) goals, and fulfill the vision and missions.
- Business refers to the collection of activities that create value. It is driven by the internal and external context of an organization, which imposes conditions and constraints, and by stakeholders, who express expectations, needs, and requirements.
Governance and Management
Governance refers to the holistic activities conducted by the highest rank of management, or top management, which is accountable for the business results, the survival and growth of the organization, and the fulfillment of the vision and missions. Policies are the expression of the intentions of top management.
Management is a systematic approach to achieving goals or objectives. The PDCA (Plan-Do-Check-Act) cycle is one of the most well-known management approaches.
Information Security is the discipline of protecting information assets from threats through safeguards in order to achieve the objectives of confidentiality, integrity, and availability (Tier 3), or CIA for short; to support the business (Tier 2); and to create and deliver value (Tier 1).
- Information security governance is the discipline by which top management 1) assumes accountability for protecting organizational information assets, 2) directs the implementation of information security to achieve the security objectives of confidentiality, integrity, and availability, and 3) complies with legal, obligatory, and other requirements.
- Information security management is the PDCA cycle that implements the information security strategy in order to achieve strategic goals and fulfill information security policies.