|
Planning is a vitally important and cost-effective way to establish a corporate information and information systems assets protection environment. It will help focus on tasks that will effectively and efficiently meet the planning goals and objectives of a CIAPP. As part of that planning, the ISSO should consider the following points:
The IWC InfoSec Strategic, Tactical, and Annual Plans must be mapped and integrated into the IWC Strategic, Tactical and Annual Business Plans.
The CIAPP-related plans must incorporate the InfoSec Vision, Mission, and Quality Statements, and their philosophies and concepts.
The CIAPP-related plans must identify strategies, goals, objectives, and projects that support each other and the IWC plans.
By mapping the goals of the IWC plans with those of the CIAPP-related plans, the required information fusion can take place and can be graphically represented.
Mapping will make it easier for the ISSO to write the applicable InfoSec plans.
The InfoSec Annual Plan generally consists of projects that are the building blocks of the CIAPP following the strategies and tactics of the ISSSP and ITP.3
|