The Enterprise Information Security Policy as a Strategic Business Policy within the Corporate Strategic Plan
نویسنده
چکیده
Information security has been recognized as a core requirement for corporate governance that is expected to facilitate not only the management of risks [1][2], but also as a corporate enabler that supports and contributes to the sustainability of organizational operations [3]. In implementing information security, the enterprise information security policy is the set of principles and strategies that guide the course of action for the security activities [4] and may be represented as a brief statement that defines program goals and sets information security and risk requirements [5].
منابع مشابه
An Integrative Alignment Approach for Information Security Policy in the Context of Strategic Planning
The enterprise information security policy is derived from the strategic requirements for risk management and corporate governance. Consistent alignment between the security policy and the other corporate business policies and strategies has to be maintained if information security is to be implemented according to evolving business objectives. There are however limitations in current approache...
متن کاملAligning the information security policy with the strategic information systems plan
Two of the most important documents for ensuring the effective deployment of information systems and technologies within the modern business enterprise are the strategic information systems plan [SISP] and the information security policy. The strategic information systems plan ensures that new systems and technologies are deployed in a way that will support an organisation’s strategic goals whi...
متن کاملCritical Success Factors in implementing information security governance (Case study: Iranian Central Oil Fields Company)
The oil industry, as one of the main industries of the country, has always faced cyber attacks and security threats. Therefore, the integration of information security in corporate governance is essential and a governance challenge. The integration of information security and corporate governance is called information security governance. In this research, we identified "critical success factor...
متن کاملTowards a Global Framework for Corporate and Enterprise Digital Policy Management
While DRM has now matured to be a recognized and established domain it is currently struggling with interoperability issues mainly on a sector basis (entertainment and media, mobile, enterprise). In the enterprise sector, DRM was fueled by corporate scandals leading to compliance issues mandated by emerging regulatory frameworks. In this context, we make the case for the necessity of raising th...
متن کاملEnterprise modelling with UML
Making effective project selection decisions in an enterprise requires a clear idea of where the enterprise is in the current state, what its vision for the future is, and how to make a transition to its desired future state possible. A strategic plan is a document that encompasses this information and is produced as an output of corporate strategic planning. In this paper we examine business m...
متن کامل