Makes a lot of sense. Years ago, the ISM3 (Information Security Management Maturity Model) prescribed a similar approach to align Business Goals with Security Goals and ultimately Security Targets. This provided a model for cyber security managers and CISOs to demonstrate the value of cyber security in the boardroom.
This approach helps to develop metrics that clearly show how cyber security actions directly connect with higher-level business goals (for example, the higher customer satisfaction / fewer complaints that you mentioned).
This is the logical representation:
Business Goals --> Security Goals --> Security Targets.
Anup
Well said, Anup!
Often, cyber pros view security through just a technical lens. But in Malaysia’s “heavily” regulated industries, there’s a shift, thanks to forward-looking regulatory requirements aligning with international standards such as the ones you quoted above.