Wednesday, 23 January 2008

Information Security strategy

Let’s first define what Information Security strategy is:

Information Security Strategy is a plan of action that takes the information security function from mission to vision.

The information security function is often seen as fire-fighting and an overhead cost, so there is a need to change this image and raise the profile of information security in the organisation.

Building an information security strategy is very important to the business for the following reasons:

  • Optimising resources and prioritising tasks for the information security function.
  • Making risk management in the organisation more effective.
  • Improving communication with the organisation’s executives, as strategy is the common language they use.
  • Raising the profile of information security in the organisation.

When we start to build our information security strategy we should keep the following in mind:

  • The information security strategy should align with, and contribute to achieving, the organisational strategy.
  • An information security strategy has three distinct aspects: supporting the business, defending against threats, and raising the profile of the information security function.
  • Standard strategy tools and techniques (such as value chain analysis, risk analysis and strategic mapping) can be used to build it.


Reference:
ISF & IsecT dotcom

1 comment:

Anonymous said...

Hi,

Of course the Information Security Strategy is based on the Business Strategy. To this end the Enterprise Architecture for the organisation should be the vehicle that provides the guidance for the Info Sec Strategy. Actually, if you get it embedded or entwined, then the simpatico of the two will produce an effective outcome.