Threats, Risks and the Derived Information Security Strategy
Main authors: | , |
---|---|
Format: | Online Article Text |
Language: | English |
Published: | 2012 |
Subjects: | |
Online access: | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC7178875/ http://dx.doi.org/10.1007/978-3-658-00333-3_2 |
Summary: | This article concentrates on the development of an information security strategy. An information security strategy needs to focus on an overall objective, usually the objectives laid out in an organization’s business strategy and its derived information technology strategy, where it takes the status quo and reflects the main objectives derived and postulates how and when to close the identified gaps. This strategy approach for improving information security is intended for an organization which supports an automotive and captive finance enterprise but is not restricted to this. The approach is aligned to the scope of ISO 270002 “Code of Practice for an Information Security Management System” [ISO05]. However, compliance is left out of the scope. The strategy concentrates on four areas considered the relevant areas for information security: people, business processes, applications and infrastructure and has therefore a clear focus on processes, stability, resilience and efficiency which are the pillars of a successful enterprise. |