Abstract:
Not only is Information Security Strategy crucial to protecting information systems, but it is also central to organizational survival. Harris (2006) believes security strategy should be customized because each organization is unique. Literature published from 2000 to 2008 examines information systems in the context of information security. The conclusions discuss six key security policy components selected from ISO-27002 (2005), spanning definitions, objectives, management goals, controls, risk assessment, policies and standards, compliance requirements, and supporting references.