Aligning the information security policy with the strategic information systems plan

Two of the most important documents for ensuring the effective deployment of information systems and technologies within the modern business enterprise are the strategic information systems plan [SISP] and the information security policy. The strategic information systems plan ensures that new systems and technologies are deployed in a way that will support an organisation’s strategic goals whilst the information security policy provides a framework to ensure that systems are developed and operated in a secure manner. To date, the literature with regard to the formulation of the information security policy has tended to ignore its important relationship with the strategic information systems plan, and vice versa. In this paper we argue that these two important policy documents should be explicitly and carefully aligned to ensure that the outcomes of strategically important information system initiatives are not compromised by problems with their security.