The new emphasis on physical security resulting from the terrorist threat has forced many information security professionals to struggle to maintain their organization's focus on protecting information assets. In order to command attention, they need to emphasize the broader role of information security in the strategy of their companies. Until now, however, most books about strategy and planning have focused on the production side of the business, rather than operations.
Strategic Information Security integrates the importance of sound security policy with the strategic goals of an organization. It provides IT professionals and management with insight into the issues surrounding the goals of protecting valuable information assets. This text reiterates that an effective information security program relies on more than policies or hardware and software, instead it hinges on having a mindset that security is a core part of the business and not just an afterthought.
Armed with the content contained in this book, security specialists can redirect the discussion of security towards the terms and concepts that management understands. This increases the likelihood of obtaining the funding and managerial support that is needed to build and maintain airtight security programs.