

Build an Information Security Strategy

Publisher: Info-Tech Research Group | Product code: 603326
Published: September 18, 2017 | Content: English, 97 pages
Delivery: as fast as 1-2 business days





Product Code: 74131

Are you prepared to manage ever-increasing security pressures?

Organizational and IT changes, hackers, and much more present information security leaders with what sometimes seems like an insurmountable challenge: how to manage the risks their systems face in a cost-effective manner.

A comprehensive approach is needed to ensure that expectations can be met - or re-aligned, where necessary. It must assess the organization's expectations and obligations for the confidentiality, integrity, and availability of critical systems and data; current and future program capabilities; and budget and human resource constraints.

This action underscores the need for a scalable and iterative approach to designing, executing, maintaining, and communicating an effective and defensible information security strategy.

The blueprint will help IT security leaders:

  • Understand current security practice capabilities and performance
  • Understand your security obligations, scope, boundaries, and responsibilities
  • Establish a security target state based on your organizational context
  • Develop a strategy and roadmap to help you achieve your security target state

Executive Summary


Technology sophistication and business adoption, the proliferation of hacking techniques, and the expansion of hacking motivations from financial to social, political, or strategic have resulted in organizations facing major security risk. Every organization needs some kind of information security program to protect its systems and assets.


Performing an accurate assessment of your current security operations and maturity levels can be extremely difficult when you don't know what to assess or how, and an assessment alone is only the starting point. Senior management wants to know that adequate targets have been determined and that there is a robust plan for how they are going to be met.


Info-Tech has developed and tested a robust information security framework with supporting methodologies to generate your organization's comprehensive, highly actionable, and measurable security strategy and roadmap.

  • Robust security requirements gathering across the organization, key stakeholders, customers, regulators, and other parties ensures the security strategy is built in alignment with and supportive of enterprise and IT strategies and plans.
  • Info-Tech's best-of-breed security framework combines COBIT 5, ISO 27000 series, NIST SP 800-53, and CIS critical security controls to ensure all areas of security are considered, covered, and reported upon.
  • A comprehensive current state assessment, gap analysis, and initiative generation ensure nothing is left off the table.
  • Tested and proven rationalization and prioritization methodologies ensure the strategy you generate is not only the one the organization needs, but also the one the organization will support.