It’s one thing to establish a security program that meets the needs of your organization. However, it can be accomplished if you take a multi-faceted approach to information security management that incorporates organizational, managerial and operational aspects that are closely associated with the business. The approach can be condensed into three major areas: assessment, implementation and monitor/measurement. The most important business areas to align with include compliance, governance, business continuity, operational risk and audit. Security professionals must make themselves visible and known to business management, especially business leaders.”]
Source: https://www.csoonline.com/article/2122918/information-security-management–the-basics.html