Summary

Planning is a vitally important and cost-effective way to establish a corporate information and information systems assets protection environment. It will help focus on tasks that will effectively and efficiently meet the planning goals and objectives of a CIAPP. As part of that planning, the ISSO should consider the following points:

• The IWC InfoSec Strategic, Tactical, and Annual Plans must be mapped and integrated into the IWC Strategic, Tactical and Annual Business Plans.

• The CIAPP-related plans must incorporate the InfoSec Vision, Mission, and Quality Statements, and their philosophies and concepts.

• The CIAPP-related plans must identify strategies, goals, objectives, and projects that support each other and the IWC plans.

• By mapping the goals of the IWC plans with those of the CIAPP-related plans, the required information fusion can take place and can be graphically represented.

• Mapping will make it easier for the ISSO to write the applicable InfoSec plans.

• The InfoSec Annual Plan generally consists of projects that are the building blocks of the CIAPP following the strategies and tactics of the ISSSP and ITP.3