|
To ensure that the InfoSec program supports the company's business services and products, the ISSO must think of methods, philosophies, and processes that will help the company in gaining a competitive advantage. Such methods and philosophies should include a team approach. That is, have the company employees and especially management support your InfoSec program.
To help in that endeavor, you should strive to insert, in appropriate company policy documents, policies which can help support your efforts. The following are some examples that may be useful in incorporating into company policy documents support for your InfoSec program and your quest to assist the company in gaining a competitive advantage through InfoSec:
Managers will ensure a compliant InfoSec program within their organization.
Managers will develop our customers' trust that their sensitive information will be effectively protected while under our control.
Managers will employ cost-effective InfoSec systems and strive to help keep the price of our company's services and products as low as possible relative to our competitors.
Managers will help keep the company's overhead down through effective loss prevention and assets protection processes.
Managers will minimize the adverse impact of our InfoSec controls on the efficiency of the company's operational functions by working with the InfoSec staff to find the most cost-effective ways of protecting our information assets.
Managers will proactively find ways to securely and efficiently provide the company's services and products.
|