Question

The primary focus of information security is the balanced protection of the confidentiality, integrity, and availability of data while maintaining efficient policy implementation and without disrupting organizational productivity. What are some of the best ways to keep this balance? 400 words or more please

Answer 1

One of the best ways to keep this balance is by having an information security strategic plan. This kind of plan can help the employees & the management to focus their efforts in the right direction & also accomplishment of goals.

This plan can position an organization to mitigate, transfer, accept or avoid risk relating to people, process or technology. They also provide adequate steps to protect the confidentiality, integrity & information availability of the organization. The business benefit of the plan is to provide competitive advantage to the organization. These would include complying with industry standards, avoiding a damaging security incident, retaining the business reputation & supporting the commitment of the shareholders, customers, suppliers etc.

Drivers supporting the plan can include:

• Defining consistent and integrated methodologies for design, development and implementation;

• Detection & resolution of problems.
• Reducing time to delivery from solution concept through implementation;
• Provisioning flexible and adaptable architectures;
• Proactively making decisions to more efficiently deliver results;
• Elimination of redundancy to support the achievement of objectives in a better manner.
• Planning on human resources management by relying on external expertise when there is requirement to augment the internal staff.
• Evolving into an organization where security is integrated as seamlessly as possible with applications, data, processes and workflows into a unified environment.

A gap assessment of an organization’s current state and existing efforts is an important first step in establishing a security strategic plan. A documented information security program assessment against a defined standard such as ISO/IEC 27002 — especially when that standard is a part of the strategy — enables more efficient planning. Additional steps to building a policy include defining the vision, mission, strategy, initiatives and tasks to be completed so they enhance the existing information security program.

An information security strategic plan can be more effective when a holistic approach is adopted. This method requires the integration of people, process and technology dimensions of information security while ensuring it is risk-balanced and business-based. It requires a clear alignment between business and IT strategies. The better the alignment and integration to strategic decision-making, the easier it is to meet expectations and get the right things done in a prioritized order.

Executing a security strategic plan is a critical success factor for organizations that truly want to maximize their ability to manage information risk. Committing to this process takes resources and time. To be fully effective, security leaders need to be viewed as adding value to the business and IT strategic planning processes, focusing on how their strategy can enhance the business and help it succeed.

Student,

Please let me know if this is sufficient by inserting a comment rather than rating thumbs down. Thanks.