DOHERTY, N.F. and FULFORD, H., 2006. Aligning the information security policy with the strategic information systems plan. Computers and Security, 25 (1), pp. 55-63.
Two of the most important documents for ensuring the effective deployment of information systems and technologies within the modern business enterprise are the strategic information systems plan (SISP) and the information security policy. The strategic
information systems plan ensures that new systems and technologies are deployed in
a way that will support an organisation’s strategic goals whilst the information security
policy provides a framework to ensure that systems are developed and operated in a secure
manner. To date, the literature with regard to the formulation of the information security
policy has tended to ignore its important relationship with the strategic information systems
plan, and vice versa. In this paper we argue that these two important policy documents
should be explicitly and carefully aligned to ensure that the outcomes of
strategically important information system initiatives are not compromised by problems
with their security.