1. Few InfoSec business units can generate revenue. Do you think Iris should word her plans to be in support of IT efforts to support revenue-generating business units, or should she adopt Mike’s goal and also seek to support the profit centers of the company directly? Why is the second choice better for Iris and the InfoSec unit?

Iris should adopt Mike’s goal. A good infosec plan will support the business as a whole and ensure all facets of the company will run as efficiently as possible. While the Infosec business unit will not directly generate profit, it will allow the business to be successful and to achieve its designated goals.

2: What options will Iris have if she finds an IT strategic objective that she thinks would reduce the security of RWW’s information assets?

Iris will need to bring forth her objectives to the proper channels and work with those that need to be involved. Iris should also have a contingency plan in place to ensure the best solution is implemented. It is also important to be prepared to detail all facets of her objective and be willing to modify it when needed.