As the newly hired chief information security officer (CISO), you are tasked with developing the Best Care Community (BCC) hospital’s information security program. There is no information security program in place, and your first task is to create the enterprise information security strategy that encompasses the company’s mission, goals, and objectives, as well as appropriately reflects the risk tolerance and risk appetite of the company as a whole.

Review the Best Care Community Profile for Development of the Information Security Program to become familiar with the mission of the hospital.

1. Questions
2. Describe the three phases of strategic planning.
3. Diagram the three strategic planning phases with each of the five information security tasks as outlined in the BCC profile, mapping each to its respective strategic planning phase.
4. Describe the balanced scorecard domains.
5. Map the BCC business objectives into the appropriate balanced scorecard domains.
6. Recommend a prioritized list of BCC information security objectives mapped to the business objectives.
7. Map the BCC information security objectives into the appropriate balanced scorecard domains in a matrix format that depicts the objectives and initiatives.

Write a report that recommends one of the enterprise control frameworks. Your report should:

• Describe your chosen enterprise architecture framework.
• Determine how the business objectives correspond to the information security strategic objectives.
• Explain how the enterprise architecture framework can be used to achieve business and information security alignment.