The enterprise information security policy as a strategic business policy within the corporate strategic plan (extended abstract)
Corpuz, Maria (2011) The enterprise information security policy as a strategic business policy within the corporate strategic plan (extended abstract). In Callaos, Nagib & Chu, Hsing-Wei (Eds.) Proceedings of the 15th World Multi-Conference on Systemics, Cybernetics and Informatics, International Institute of Informatics and Systemics (IIIS), Orlando, FL, USA, pp. 275-279.
Information security has been recognized as a core requirement for corporate governance that is expected to facilitate not only the management of risks, but also as a corporate enabler that supports and contributes to the sustainability of organizational operations. In implementing information security, the enterprise information security policy is the set of principles and strategies that guide the course of action for the security activities and may be represented as a brief statement that defines program goals and sets information security and risk requirements. The enterprise information security policy (alternatively referred to as security policy in this paper) that represents the meta-policy of information security is an element of corporate ICT governance and is derived from the strategic requirements for risk management and corporate governance. Consistent alignment between the security policy and the other corporate business policies and strategies has to be maintained if information security is to be implemented according to evolving business objectives. This alignment may be facilitated by managing security policy alongside other corporate business policies within the strategic management cycle. There are however limitations in current approaches for developing and managing the security policy to facilitate consistent strategic alignment. This paper proposes a conceptual framework for security policy management by presenting propositions to positively affect security policy alignment with business policies and prescribing a security policy management approach that expounds on the propositions.
Impact and interest:
Citation counts are sourced monthly from and citation databases.
These databases contain citations from different subsets of available publications and different time periods and thus the citation count from each is usually different. Some works are not in either database and no count is displayed. Scopus includes citations from articles published in 1996 onwards, and Web of Science® generally from 1980 onwards.
Citations counts from theindexing service can be viewed at the linked Google Scholar™ search.
Full-text downloads displays the total number of times this work’s files (e.g., a PDF) have been downloaded from QUT ePrints as well as the number of downloads in the previous 365 days. The count includes downloads for all files if a work has more than one.
|Item Type:||Conference Paper|
|Keywords:||information security management, enterprise information security policy, strategic management|
|Subjects:||Australian and New Zealand Standard Research Classification > INFORMATION AND COMPUTING SCIENCES (080000) > COMPUTER SOFTWARE (080300) > Computer System Security (080303)
Australian and New Zealand Standard Research Classification > INFORMATION AND COMPUTING SCIENCES (080000) > OTHER INFORMATION AND COMPUTING SCIENCES (089900) > Information and Computing Sciences not elsewhere classified (089999)
|Divisions:||Past > QUT Faculties & Divisions > Faculty of Science and Technology
Past > Institutes > Information Security Institute
|Copyright Owner:||Copyright 2011 Please consult the author.|
|Deposited On:||08 Jul 2012 22:55|
|Last Modified:||09 Jul 2012 11:29|
Repository Staff Only: item control page