Information Security Strategy: Snog, Marry, Avoid
A strong information security strategic plan puts an organisation in a strong place to mitigate, transfer, accept or avoid information risk related to people, processes and technologies. It provides the roadmap for getting to a desired end-state to help the organisation adequately protect the confidentiality, integrity and availability of information.
Traditionally this plan was created in a darkened room like a dark art and kept as a closely guarded secret by the infosec department but that’s not going to work anymore. Information security should be seen and treated as a business enabler and that means going out there and actually talking to people to find out what’s important to support the goals and aims of your organisation. So, who do you need to snog, marry, avoid?