Title (eng): Developing an information security strategy
Kraus, A. (Armin)
Masterarbeit, Fachhochschule St. Pölten, Masterstudiengang Information Security, 2018
This master thesis addresses the topic of information security, more specific, how to develop an information security strategy. An information security strategy is the commitment of the management related to information security. This commitment is the official order to establish security within the company. One of the most frequently asked question after this commitment is; How to develop such a strategy? This research is exactly focused on this question and makes use of existing business models / corporate strategy development models / business development tools. Current existing methodologies such as SWOT analysis, Business Model Canvas, Ansoff matrix, Boston Consulting Group matrix, McKinsey 7S model and stakeholder analysis will be analyzed and adapted for information security strategy development. The modification of these models allows the identification of corporate information security objectives and their impact on the company. This identification will be enabled through different analysis methodologies which cover risk based, stakeholder based and vision based approaches. In addition, these models can also be used as technical base analysis, specific risk mitigation, risk mitigation in relation to business objectives or impact analysis. Further, a ‘checklist’ will be provided what should be at least in an information security strategy. This research also contains practical examples for these adapted models, an example information security strategy and a comparison of these developed models. These information’s can be used by anyone to form an information security strategy related to their own corporation.
Object languages: English
© All rights reserved
Classification: Sicherheit ; Strategie