Developing and implementing an IT security governance program in an organization is not enough; it is equally

important to evaluate its efficacy. You have examined how the effectiveness of the security governance program of an organization can be measured by how well it results in six key outcomes. However, as a security professional you should understand how the six key outcomes shape and affect your security governance program.

Assess the importance and value of applying these objectives to improve security governance at an organization.

Choose an arbitrary organization and briefly describe the nature of its business. The organization can be a fictitious one or a real one about which you have knowledge. Now choose one of the six outcomes of effective security governance (ISACA, 2008, as cited by Brotby, 2009) that you think is the most important for your chosen organization.

Describe specific details about how the outcome can help determine the chosen organization’s security governance objectives. Justify your reason for choosing the particular outcome over others.