Information security goes beyond technology and its management processes, since it deals both with information technology and with information in its different expressions. Information security comprises human, , environmental factors and those of the context which are not initially explicit in an Information Technology Strategic Plan (ITSP), but shall be viewed through a lens of risk management and organizational culture.
The Information Security Strategic Plan (ISSP) supplements the ITSP, by defining a set of steps and stages which build up security services in each technological layer, consistent with the corporate needs and risks identified. Thus, security becomes a facilitator of services instead of a limitation to the same.
An ISSP determines:
- Vulnerabilities, threats and risks are identified for each technological layer.
- A set of vectors for security services which enable minimizing risks to acceptable levels on each stage of the technological set up. .
- A human organization required for each maturity level in the management of information risk.
- The management processes required.
- The budget required for each stage.
RSM consulting services on strategies for Information Security will help you build up security services in accordance to your risks, capacities, budgets and organizational maturity levels.