Within behavioral management theory, entity leaders have alternative approaches available to accomplish information assets safeguarding objectives development — including participative, consultative, free rein, and autocratic models. Participative behavioral management emphasizes consideration and incorporation of employee views in decisions, while maintaining managerial decision authority. Consultative behavioral management stresses consideration of employee views, without incorporation, while maintaining managerial decision authority. Free rein management allows employees to make their own decisions concerning subject matters. Lastly, autocratic management underscores dictating decisions to employees. Based on empirical evidence, most entities currently prefer deploying a participative approach to managing entity-centric objectives development.
Setting objectives and establishing processes to accomplish designed objectives is a managerial responsibility. Tactically, the manager responsible for a plan’s implementation should set objectives with advice obtained from the entity’s planning committee, top-level executives and line subordinates. To this end, the Management by Objectives (MBO) methodology normally drives employee consensus building. However, an entity’s planning committee and top-level executives may be too removed from daily information security operations to yield reasonable objectives. Furthermore, line subordinates may have limited knowledge concerning organizational intricacies to permit adopting recommended information security objectives. Therefore, a security manager may have to rely on evaluating generally accepted information security frameworks to develop entity-centric objectives.
“View Part I of the Developing Objectives series here“