This introductory guide, with case study, is the first document in a series planned around the Business Model for Information Security. Based on the white paper “Systemic Security Management,” developed by the USC Marshall School of Business Institute for Critical Information Infrastructure Protection, this guide provides a starting point for discussion and future development. It defines the core concepts that will evolve into practical aids that information security and business unit managers can use to align security program activities with organizational goals and priorities, effectively manage risk, and increase the value of information security program activities to the enterprise.
The Business Model for Information Security does not replace the many sources of security program best practices. It does, however, provide a view of information security program activities within the context of the larger enterprise, to integrate the disparate security program components into a holistic system of information protection.
This guide introduces the model and its core concepts to enterprises, particularly to:
- Senior executives
- Information security managers
- Those who have responsibility for managing business risk
- Individuals who have responsibility for the design, implementation, monitoring and improvement of an information security management system