Developing an Information Security Policy: Ensuring Alignment to Business Objectives

Question

During development of an information security policy, which of the following would BEST ensure alignment to business objectives?

Answers

Explanations

A. B. C. D.

C.

During the development of an information security policy, it is important to ensure that the policy is aligned with the overall business objectives of the organization. This is because information security is not an isolated function but rather an integral part of the business operations.

Out of the given options, the BEST approach to ensure alignment to business objectives is to seek input from relevant stakeholders. Stakeholders can be defined as individuals or groups who have an interest in the success of the organization, and their input can help to ensure that the security policy aligns with the overall business objectives.

Incorporation of industry best practices (Option A) is important, but it does not necessarily ensure alignment with the organization's specific objectives. Best practices are often generic and may not take into consideration the unique needs and objectives of each organization.

Linkage between policy and procedures (Option B) is essential for the implementation of the security policy, but it does not necessarily guarantee alignment with business objectives. The procedures must be consistent with the policy, but the policy itself must align with the business objectives.

A balanced scorecard (Option C) is a performance management tool that can help to align the organization's activities with its strategic objectives. However, the scorecard is not directly related to the development of the information security policy.

Therefore, seeking input from relevant stakeholders (Option D) is the best approach to ensure alignment with the organization's business objectives. The input from stakeholders can help to identify the specific security risks and requirements of the organization, and ensure that the security policy addresses these requirements while aligning with the overall business objectives.