
Information Security Strategy - Sample Cism

The document outlines an organization's information security strategy to improve its cybersecurity posture and safeguard data. It identifies strategic initiatives like security awareness training and a technology roadmap. Key activities are implementing security policies, hardening systems, and developing checklists. Metrics include training completion rates, incident rates, and asset compliance. Milestones are set to achieve targets by 2025 with a $16,060 budget over 5 years.

Uploaded by

CEH Dre22

Sample Information Security Strategy

| Information Security Objective/Goal | Alignment/Linkage to the following Enterprise strategy objectives |
| --- | --- |
| Improve the organization's information and cyber security posture towards safeguarding and attaining trust in data and digital services. | T1, S3, T4, G6, P1, P4 |

| Key Strategic Initiatives | Strategic Activities/Projects |
| --- | --- |
| Engage in company-wide security education and awareness as a means of minimizing the associated information security risks to information assets. | Implement company-wide security awareness campaigns that are aligned with best practices. |
| Provide technologies and processes that facilitate adoption of information security initiatives. | Document and communicate the security technology architecture roadmap. |
| | Provide a security architecture and direction to ensure a common understanding and application of principles in guiding initiatives. |
| Enhance the University's overall data security posture by implementing relevant business practices to ensure consistent data security practices. | Enhance/draft and then implement an Information security policy to safeguard information assets. |
| | Harden storage of data systems and environments to ensure safe storage of data and information. |
| | Develop information security checklists that are aligned to best practices and established company needs. |
| | Define within the Information Security Policy the data classification scheme to be used for company-wide data classification. |
| KGIs | Responsible Person(s) | KPI Metric | Current | Target | Milestone 2021 |
| --- | --- | --- | --- | --- | --- |
| | Information Security Manager | 1. % of staff who have undergone security awareness training | 10% | 98% | 20% |
| | Information Security Manager | | | | X |
| | Information Security Manager | 1. % of incidents related to non-compliance. | | | X |
| | Information Security Steering Committee | 1. % of non-compliant information assets. | | | X |
| | Systems Administrators | 1. % of hardened/secured IT systems | | | X |
| | Information Security Manager | 1. No. of key procedures with a security checklist. 2. % of compliance with information security checklists. | | | X |
| | Information Security Steering Committee | 1. % of data that has been classified | | | X |
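| Milestone 2022 | Milestone 2023 | Milestone 2024 | Milestone 2025 | Budget 2021 (USD) | Budget 2022 (USD) | Budget 2023 (USD) | Budget 2024 (USD) | Budget 2025 (USD) | Total 5-year budget (USD) |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| 40% | 60% | 80% | 98% | 1,000 | 1,560 | 3,000 | 2,000 | 8,500 | 16,060 |
| X | X | X | X | X | X | X | X | X | |
| X | X | X | X | X | X | X | X | X | |
| X | X | X | X | X | X | X | X | X | |
| X | X | X | X | X | X | X | X | X | |
| X | X | X | X | X | X | X | X | X | |
| X | X | X | X | X | X | X | X | X | |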
