Towards an aligned organization on information security

Abstract

Information Security is mainly a topic that is considered to be Information Technology related. However, for successfully implementing information security, an organization’s information security program should reflect the business strategy. Nowadays information security is in many companies enforced by the Information Technology department, based on what they think should be in place to protect their business from inside and outside threats and risks. Besides, information security covers many different subjects. This makes it hard for small and medium sized organizations to determine their information security program. Involving the Information Security Focus Area Maturity model (ISFAM) model in this process helps organizations in determining their current level of maturity and is capable of providing high level guidelines which the organization can use to structurally improve their information security level.