Integrating Strategic Information Security with Strategic Information Systems Planning (SISP)

Abstract

Strategic information systems planning and strategic information security are two different atributes in information systems world. Information systems security must be integrated with business plan (Wylder, 2003) and strategic information systems planning must be align with business plan. This study aims to investigate the contribution of information security attributes to the strategic information systems planning in the organization. Strategic information system planning (SISP) is an exercise or ongoing activities that enable organization to develop priorities for information system (IS) development (Doherty, 1999). SISP approach is a combination of method, process and implementation (Earl, 1993). As a new business strategies and information technologies are both rapidly moving targets, it is a very challenging task to produce an effective plan that achieves business objectives with efficient information systems support (Hevner et al. 2000). Organization invest very large amount of time and money in the SISP project. In a typical SISP project, term of key managers, users, selected clients, and IS specialist are formed (Hevner et al. 2000) and planning methodology is chosen. On the other hand, Information security planning is to mitigate risk associated with the processing of information with confidentially, integrity and authenticity (Wylder, 2003). Finally, this study will introduce a new model of SISP embedded with information security attributes based on previous literature on both SISP and strategic information security.