Planning and Governance

So we have started a few weeks ago with a discussion of the importance of information security on business and how project management methodologies can improve and increase the success of implementation and monitoring of information security...lets call these the what and how.

How about the why?

Ultimately an IT Governance and strategic planning must incorporate the security needs of a business. Only by aligning the goals of the entire organization with the IT efforts will we realize the full benefits of such resource intensive and costly endeavors.

So lets, first and foremost, make sure we are "doing the right work" and not necessarily focusing on "doing the work right" at this point in time.

Strategic and tactical planning give us a solid framework for governance - both long term goals and short term goals that are measurable.