IT Security Planning Strategy Checklist

Download Free IT Security Planning Strategy Checklist

Legal and regulatory
Health, government, and finance have specific legal and regulatory requirements for security. In the case of the government, these requirements are very specific. In the banking industry, the requirements may be more stringent but open to a level of interpretation. However, most industries have to consider such legalities as privacy, data protection, and human rights legislation. For more details, see the chapter on law later in this volume.

Business strategy
If the CEO is determined to brand the organization as the most secure bank in the country, your security arrangements must reflect this claim, because you can be sure someone is going to put the claim to a test. If you are a small engineering firm, maybe you can be less rigorous.

IT strategy
If your IT director is determined to outsource your entire IT organization or replace all systems with SAP, your security strategy better reflect this change.You need to spend less money on security tools to deliver access controls and more on compliance audits to check them.

Partners and suppliers
If your organization partners with the military, you will be asked to gain security clearance for your staff and key systems. Suppliers may be forced (by legislation) to insist that you meet certain standards.

Value of brand image
A supplier of security software will have to have good security; otherwise, the brand image will suffer.This is similar for banks, insurance, health care, and a number of other key industries.

Customers Obviously, customer expectations count.

Rivals

Value of data assets and systems