Security Governance, Management and Strategic Alignment via Capabilities

Stripped down to its essentials a business is a collection of capabilities organized to achieve a purpose. Exactly how well those capabilities are organized and optimized around a strategy impacts the performance of the entire enterprise [2]. Capabilities are the adhesive which holds together information security governance and organizational strategy [3]. There is a domino effect in that the potency of day-to-day security operations is a byproduct of a security management, which is a byproduct of security governance which is a byproduct of organizational governance. Organizational governance is concerned with ensuring the enterprise maintains alignment with its short and long-term strategic goals. Thus, the work of aligning security governance and organizational strategy is consonant with the work of recognizing which capabilities are aligned with short and long-term goals and ensuring those capabilities remain protected through a sound and comprehensive security governance and security management program