Information Systems Security Strategy: A Process View
This chapter adopts a process view of information security strategy. That is, it is centrally concerned with how to "make" strategy; this extends the concern about what strategy "is." From a process viewpoint, information security strategy involves one or more strategy-setting pr...
| Main Authors: | , |
|---|---|
| Other Authors: | |
| Format: | Book Chapter |
| Published: |
M E Sharpe Inc
2008
|
| Online Access: | http://hdl.handle.net/20.500.11937/29094 |
| _version_ | 1848752711666761728 |
|---|---|
| author | Baskerville, Richard Dhillon, G. |
| author2 | D W Straub |
| author_facet | D W Straub Baskerville, Richard Dhillon, G. |
| author_sort | Baskerville, Richard |
| building | Curtin Institutional Repository |
| collection | Online Access |
| description | This chapter adopts a process view of information security strategy. That is, it is centrally concerned with how to "make" strategy; this extends the concern about what strategy "is." From a process viewpoint, information security strategy involves one or more strategy-setting processes. Such processes require an assessment of the goals for organizational information security. Examples include compliance with regulatory requirements, national and international standards, and professional practices. The strategy-setting process may be organized using a product criterion or a process criterion. A product criterion would organize the strategy-setting process by grouping activities according to the end products of the process. The products of strategy setting include statements of vision, core values, rationale, and strategic plans such as the security organization structure, security operations, and security budgeting strategy. A process criterion would organize the strategy-setting process by grouping activities according to major components, such as the alignment of security with organizational strategy, the planning of operational strategies, and the planning of security organizations. This chapter elaborates not just security goals, but the goal assessment process; not just the security criteria, but the criterion organizing processes; and not just the products of the strategic processes, but the strategy-setting processes themselves. |
| first_indexed | 2025-11-14T08:12:58Z |
| format | Book Chapter |
| id | curtin-20.500.11937-29094 |
| institution | Curtin University Malaysia |
| institution_category | Local University |
| last_indexed | 2025-11-14T08:12:58Z |
| publishDate | 2008 |
| publisher | M E Sharpe Inc |
| recordtype | eprints |
| repository_type | Digital Repository |
| spelling | curtin-20.500.11937-290942022-11-21T06:47:07Z Information Systems Security Strategy: A Process View Baskerville, Richard Dhillon, G. D W Straub S Goodman R Baskerville This chapter adopts a process view of information security strategy. That is, it is centrally concerned with how to "make" strategy; this extends the concern about what strategy "is." From a process viewpoint, information security strategy involves one or more strategy-setting processes. Such processes require an assessment of the goals for organizational information security. Examples include compliance with regulatory requirements, national and international standards, and professional practices. The strategy-setting process may be organized using a product criterion or a process criterion. A product criterion would organize the strategy-setting process by grouping activities according to the end products of the process. The products of strategy setting include statements of vision, core values, rationale, and strategic plans such as the security organization structure, security operations, and security budgeting strategy. A process criterion would organize the strategy-setting process by grouping activities according to major components, such as the alignment of security with organizational strategy, the planning of operational strategies, and the planning of security organizations. This chapter elaborates not just security goals, but the goal assessment process; not just the security criteria, but the criterion organizing processes; and not just the products of the strategic processes, but the strategy-setting processes themselves. 2008 Book Chapter http://hdl.handle.net/20.500.11937/29094 M E Sharpe Inc restricted |
| spellingShingle | Baskerville, Richard Dhillon, G. Information Systems Security Strategy: A Process View |
| title | Information Systems Security Strategy: A Process View |
| title_full | Information Systems Security Strategy: A Process View |
| title_fullStr | Information Systems Security Strategy: A Process View |
| title_full_unstemmed | Information Systems Security Strategy: A Process View |
| title_short | Information Systems Security Strategy: A Process View |
| title_sort | information systems security strategy: a process view |
| url | http://hdl.handle.net/20.500.11937/29094 |