Developing the Corporate Strategy for Information Security

Imagine that you are working for a startup technology organization that has had overnight success. The organization's immediate growth requires it to formulate a corporate strategy for information security. You have been recruited to serve as part of a team that will develop this strategy.

As part of the Information Security Strategy development, you are required to define specific Information Technology Security roles that will optimize and secure the organization's data assets.

Review the website titled Information Technology (IT) Security Essential Body of Knowledge (EBK): A Competency and Functional Framework for IT Security Workforce Development, located at http://www.us-cert.gov/ITSecurityEBK/, for additional information necessary to complete this assignment. You may use additional sources, and you are encouraged to find them, for corroboration or fresh ideas. I suggest no fewer than three additional sources.

Write an essay of no fewer than five pages in which you address which C-level function you would recommend at the top of the information security position, lay out his or her main function, and explain how he or she would delegate responsibilities to next-level management, including what competencies those individuals would have and why.

Note: The above and what follows are guidelines. That is, they do not necessarily have to be addressed linearly, nor treated like short exam questions that must each be answered. This is an essay, meaning you decide what needs to be covered and why, based on the overall lessons you want the reader to take away.

In this case, the lessons may be a summary conclusion, as this is more of an informational, analytical paper than one that draws lessons and recommendations.

There are things you might want to work into the paper. Will you have a security strategic plan? If so, why, and what types of things would you include? Describe how the digital forensics function complements the overall security efforts of the organization. Evaluate the operational duties of digital forensic personnel and how these help qualify the integrity of forensic investigations within the enterprise and industry.

Other possible considerations, depending on your approach, could include the following. Apply any of the 14 areas of common practice in the Department of Homeland Security (DHS) Essential Body of Knowledge. Include best practices in cybersecurity.

Identify and analyze the role of the Chief Information Officer, Information Security Officer, and IT Security Compliance Officer in the context of cybersecurity. Compare and contrast the functional roles of an organization in the context of cybersecurity.

Describe the corollary roles of security in an enterprise. Evaluate the ethical concerns inherent in cybersecurity and how these concerns affect organizational policies. Use technology and information resources to research issues in cybersecurity.