Information Technology Reference
In-Depth Information
$$$
Ethics
Liability
Risk
Manager
Stakeholder
Value
-
+
Figure 5.7
Manager responsibility juggling.
n
−
Ethical codes
Professional organizations where membership requires adherence to
proper behavior
Personal integrity and values; personal morality based on faith or reli-
gious practice
Risk
Identifying, prioritizing, and determining the best way to address risk,
and budgeting
−
n
−
The process of getting to business drivers is a lot like root cause analysis; after
weeding through a lot of things that sort of look like what you are after, an educated
guess is often as good as it gets. The bottom line for most commercial businesses is
money, be it shareholder value, CEO bonus, balance sheet ratios, revenue, or cost
management. Information assurance (IA) may align with revenue generation, cost
reduction, cost avoidance, or risk management.
Managing business risk
is a key busi-
ness driver for managers and executives.
A comprehensive business risk management program addresses stakeholder
value in terms of risk acceptance, risk mitigation, risk sharing, and risk transfer-
ence all in context of:
n
−
−
People (IA
2
people view)
Safety of personnel
Security education, training, and awareness (SETA) for personnel for
effective management, administration, and use of IA
Mission (IA
2
policy view)
Define the mission and boundaries for mission integrity.
n
−
