QUT ePrints

The enterprise information security policy as a strategic business policy within the corporate strategic plan (extended abstract)

Corpuz, Maria (2011) The enterprise information security policy as a strategic business policy within the corporate strategic plan (extended abstract). In Callaos, Nagib & Chu, Hsing-Wei (Eds.) Proceedings of the 15th World Multi-Conference on Systemics, Cybernetics and Informatics, International Institute of Informatics and Systemics (IIIS), Orlando, FL, USA, pp. 275-279.

Abstract

Information security has been recognized as a core requirement for corporate governance that is expected not only to facilitate the management of risks, but also to act as a corporate enabler that supports and contributes to the sustainability of organizational operations. In implementing information security, the enterprise information security policy is the set of principles and strategies that guide the course of action for the security activities and may be represented as a brief statement that defines program goals and sets information security and risk requirements. The enterprise information security policy (alternatively referred to as security policy in this paper), which represents the meta-policy of information security, is an element of corporate ICT governance and is derived from the strategic requirements for risk management and corporate governance. Consistent alignment between the security policy and the other corporate business policies and strategies has to be maintained if information security is to be implemented according to evolving business objectives. This alignment may be facilitated by managing security policy alongside other corporate business policies within the strategic management cycle. There are, however, limitations in current approaches for developing and managing the security policy to facilitate consistent strategic alignment. This paper proposes a conceptual framework for security policy management by presenting propositions to positively affect security policy alignment with business policies and prescribing a security policy management approach that expounds on the propositions.

Full-text downloads:

158 since deposited on 08 Jul 2012
90 in the past twelve months

Full-text downloads displays the total number of times this work’s files (e.g., a PDF) have been downloaded from QUT ePrints as well as the number of downloads in the previous 365 days. The count includes downloads for all files if a work has more than one.

ID Code: 51493
Item Type: Conference Paper
Keywords: information security management, enterprise information security policy, strategic management
ISBN: 9781936338313
Subjects: Australian and New Zealand Standard Research Classification > INFORMATION AND COMPUTING SCIENCES (080000) > COMPUTER SOFTWARE (080300) > Computer System Security (080303)
Australian and New Zealand Standard Research Classification > INFORMATION AND COMPUTING SCIENCES (080000) > OTHER INFORMATION AND COMPUTING SCIENCES (089900) > Information and Computing Sciences not elsewhere classified (089999)
Divisions: Past > QUT Faculties & Divisions > Faculty of Science and Technology
Past > Institutes > Information Security Institute
Copyright Owner: Copyright 2011 Please consult the author.
Deposited On: 09 Jul 2012 08:55
Last Modified: 09 Jul 2012 21:29
