Strategic Information Systems Planning (SISP) and Strategic Information Security Planning (SISecP) In Malaysian Government Agencies

Abstract

Strategic information systems and strategic information security are two different atributes in information systems world. Information systems security must be integrated with business plan[6] and strategic information systems planning must be align with business plan. This study aims to investigate the contribution of information security attributes to the strategic information systems planning in the organization especially to the Malaysian Government Agencies. Strategic information system planning (SISP) is an exercise or ongoing activities that enable organization to develop priorities for information system (IS) development[1]. A completes SISP approach is a combination of methods, processes and implementation[2]. As a new business strategies and information technologies are both rapidly moving targets, it is a very challenging task to produce an effective plan that achieves business objectives with efficient information systems support[3]. Organization invest very large amount of time and money in the SISP project. In a typical SISP project, term of key managers, users, selected clients, and IS specialist are formed[3] and planning methodology is chosen. On the other hand, Information security planning is to mitigate risk associated with the processing of information with confidentially, integrity and authenticity[6] with ten main domain areas as common body of knowledge in information security. Finally, this study will explore both attribute of SISP and SISecP usage in information systems planning.