I am attaching a project description.
The purpose of this research is to explore IT management’s perception of security, cost-effective management, and IT security governance.
To explore CISO roles in different organizations, the CISO’s place in the organizational structure, their responsibilities, and their influence on the business.
To research the protection methods implemented for organizations’ information assets, and the frameworks, best practices, and information security standards they have implemented.
To study some financial impacts on the business of the CISO’s performance in the firm’s asset protection activity.
In the quantitative data study, to perform statistical analysis of the given survey data on the perception of IT security governance at organizations.
The questions to be answered:
1. What information security frameworks and standards are used in organizations to create an effective and protected business?
2. What are the CISO’s roles in the effective management of human and technical resources and business processes?
3. What impact does the CISO have on business processes and the company’s finances?
A Provisional Table of Contents
2. Major Research Project Information
c. Research Questions
3. Literature Review
4. Global Security Trends and their effect on organizations
5. Information Security Organisational Structure, roles and responsibilities
6. Organizations’ information assets
a. Risk Assessment processes
b. Resources: On-premises and Cloud based
7. Chief Information Officer
a. Origins and evolution of CISO
i. Asset protection (Business Continuity, Disaster Recovery)
ii. IT Security Governance
iii. Strategic Innovations
iv. Monitoring and Assessing new technologies
c. Interaction with CEO, CTO, CIO, R&D, Sales and Marketing
d. Leadership and innovation
8. Information Security Management
b. Frameworks: COBIT, ITIL, CMMI (Capability Maturity Model Integration), ISO/IEC 27002, etc.
c. Compliance and regulations
9. Financial aspects of CISO activity in ISM