Jul 2, 2007
stratsec (as SIFT) was engaged by the IT Security Expert Advisory Group (ITSEAG) of the Trusted Information Sharing Network (TISN) to define a set of information security principles to assist organisations to better protect and secure their information assets and achieve regulatory compliance.
CEOs and Boards of Directors are ultimately responsible for protecting enterprise information (both physical and electronic) from unauthorised access or damage—whether malicious or accidental. The security of information is vital for an organisation, operationally, legally and financially. Failure to fully understand these requirements can have serious consequences for the business, its owners and managers.
The following principles underpin the enterprise’s strategy for protecting and securing its information assets:
1. Information Security is Integral to Enterprise Strategy
2. Information Security Impacts on the Entire Organisation
3. Enterprise Risk Management Defines Information Security Requirements
4. Information Security Accountabilities Should be Defined and Acknowledged
5. Information Security Must Consider Internal and External Stakeholders
6. Information Security Requires Understanding and Commitment
7. Information Security Requires Continual Improvement