Security Assurance Through Strategic Information Systems Planning
Abdisalam Issa-Salwe1, Khurram Mustafa2
1Dr Abdisalam Issa-Salwe, Department of Information Systems, College of Computer Science and Engineering, Taibah University, Madinah, Saudi Arabia.
2Prof Khurram Mustafa, Department of Information Systems, College of Computer Science and Engineering, Taibah University, Madinah, Saudi Arabia.
Manuscript received on May 12, 2016. | Revised Manuscript received on May 18, 2016. | Manuscript published on July 05, 2016. | PP: 1-6 | Volume-6 Issue-3, July 2016. | Retrieval Number: C2856076316
© The Authors. Published By: Blue Eyes Intelligence Engineering and Sciences Publication (BEIESP). This is an open access article under the CC BY-NC-ND license (http://creativecommons.org/licenses/by-nc-nd/4.0/)
Abstract: Strategic Information Systems Planning (SISP) and the pertinent Information Security Policy (ISP) are largely inevitable in contemporary business systems. Embedding information security policy within the organisation's strategic information systems planning is essential if modern information systems are to be used effectively in a secure environment. A survey of the relevant literature on SISP and ISP in organisations' processes reveals a close relationship between them and draws attention to how contradictions within this relationship may also pose a threat. We explore the importance of embedding the ISP process within the SISP, and how these two issues are vital to organisations. We further establish the inevitable complementary role of the two in ensuring the effectiveness of contemporary information systems. Strategic information systems planning makes certain that new systems are deployed in a way that maintains the strategic objectives of an organisation, while the security policy provides a framework for verifying that systems are shaped and managed in a secure manner. Embedding ISP in SISP appears to progressively increase the security capability of an organisation, and hence the deliverables from the SISP process may be more effective, efficient and beneficial to the organisation. Although organisations may face security glitches throughout the application and operational phase, they must strive for such an inevitable embedding to avoid certain catastrophic risks, assure business continuity and enhance overall productivity. Finally, a cyber-sensitive, audit- and control-based ISP components framework is proposed for embedding ISP into SISP, right from instantiation.
Keywords: Strategic Information Systems Strategy, Information Systems (IS), Information Technology (IT), Information Security Policy, Contemporary Business, Security Risk, Business Continuity Planning (BCP).