SYSTEM STRATEGY AND POLICY
2017 UED, VU THI TRA
STRATEGIES AND POLICIES FOR IS SECURITY
PART 2
VTT 2
OBJECTIVES
6 KEY POLICY COMPONENTS
http://www.instantsecuritypolicy.com
SECURITY POLICIES
http://www.instantsecuritypolicy.com
HOW TO WRITE AN INFO SECURITY POLICY
1. Create framework
2. Make it about mandates
3. Employing sub-policies
4. Supplementary documents
Roles and responsibilities
Technology standards
Process
Procedures
Guidelines
CSO from IDG, 2017
HOW TO WRITE AN INFO SECURITY POLICY
5. What an information security policy includes
Scope
Information classification (rather than generic "confidential" or "restricted")
Management goals
Context
Supporting documents
Specific instructions
Responsibilities
Consequences
CSO from IDG, 2017
INFORMATION SECURITY STRATEGIC PLAN
UNIVERSITY OF CONNECTICUT
IT SECURITY PROGRAM
[Diagram labels: Risk Assessment; Identify; Measure; Controls; Implement; Resource and Mitigate]
STRATEGIC OBJECTIVES
University of Connecticut
KEY INITIATIVES
University of Connecticut
INFORMATION SECURITY STRATEGY IN ORGANIZATIONS
HORNE ET AL., 2015
AUSTRALASIAN CONFERENCE ON INFORMATION SYSTEMS
BUILDING INFORMATION SECURITY STRATEGY
1. Information Security Strategy: Plan or Process?
2. The Information Security Strategy Construction
Conceptualisation
Levels of analysis (individuals, groups, organizations)
Measurement domains
3. The Information Security Strategy Nomological Network
Antecedents
Constituents
Yields
Key findings of thematic analysis
Horne et al., 2015