Mapping ISSSP, ITP, and IAP to Projects using a Matrix
|
Another approach to mapping is using a matrix. This method can be used in a number of ways, and at various levels, such as IWC Strategic Business Plan to ISSSP. In the example provided in Figure 6.5, some mappings are intentionally left blank to show how easy it is to identify those items that map to others, and more importantly, those that don't!
| Projects | ISSSP | ITP | IAP |
|---|---|---|---|
| InfoSec Org. | X | X | X |
| Policies & Procs. | X | ||
| InfoSec Team | X | ||
| Process Protection | X | X | |
| InfoSec Functions | X | X | |
| Support IT Changes | X | X |
Figure 6.5: Matrix mapping, which can also be used to show the relationship—or lack of a relationship—between items.
This method can identify "holes" in your plans that must be addressed.
|
The Information Systems Security Officers Guide: Establishing and Managing an Information Protection Program
ISBN: 0750698969
EAN: 2147483647
EAN: 2147483647
Year: 2002
Pages: 204
Pages: 204
Authors: Gerald L. Kovacich CFE CPP CISSP