As with just about anything, an IT infrastructure also requires a well-thought strategy. The purpose of such strategy is to give the management the information to make informed decisions on security investments. Thestrategy bridges the security function and the business direction.
The Information Security strategy of an organization is the direction or the approach taken to meet one or more objectives related to the secure behavior of that organization. The strategy is realized through initiatives, where each represents an operational plan that achieves one or more security objectives, with to the goal to collectively achieve all of them.
WHY IS STRATEGY DEVELOPMENT NECESSARY?
Just as hackers and criminals never sleep, the Information Security Officer in your organization must regard Information Security not as a product, but as a process. Constantly evolving, adapting, putting up defenses to new and emerging security breach threats. A plan, written, implemented, and then locked away in a drawer, will only do good for a while. Until things change. Again. Continue reading “Who Needs Strategy Development in IT and Information Security?”