Development of stakeholder oriented corporate information security objectives

Abstract

Information, asset and technology are key differentiators for modern organizations. They are faced with a wide, complex and increasingly faster changing range of most different information security requirements of diverse stakeholders, huge potential threats and socio-organizational challenges. Clear, coherent corporate security objectives are required to proper guide and control information security in an organization, to demonstrate information security governance and compliance and to concentrate all security efforts on what matters most. In accordance to action research we develop an innovative stakeholder's oriented process to develop corporate information security objectives: we identify all stakeholders, analyze their needs, deduce security requirements and define the security objectives with priorities and relationships. Based on our research results this process promotes a newly holistic, collaborative, systemic, structured and market driven strategic security approach. In that way information security becomes a new role as success factor or business opportunity to provide enhanced business value and competitive edge. © 2013 Springer Science+Business Media.