Critical Elements of an Information Security Management Strategy

Information security, according to the International Standards Organization (ISO), is the protection of information from a wide range of threats in order to ensure business continuity, minimize business risk, and maximize return on investments and business opportunities (ISO-27002, 2005, p. 14). Information security management, according to the National Institute of Standards and Technology's (NIST) involves planning for and implementing a structure as well as the processes that provide for the alignment of information security strategy with business objectives and applicable laws and industry standards.