Abstract

The fundamental understanding of information security strategy (ISS) in an organization is lacking. The ISS has often been equated to anti-virus deployment or installing a firewall, neither of which forms the essence of strategy. Rather, it usually equates to tactical, technical requirements only. However, the ISS best integrates with business and information system strategies from the start, forming and shaping the direction of overall strategy synergistically within an organization. The study develops the background for the roles an ISS takes and the choices an information security professional makes in selecting an ISS, which could result in abuse of an ISS. The contribution to the field would be a matrix of roles to operationalize an ISS in a way that lets an organization sense where it is going, together with guidelines on how the ISS is implemented through the proposed role selection and subsequent implementation.

Information Security Strategy: In Search of a Role
