Implementing Information Security

One result of strategy development can be a high-level information security programme. Further planning can then focus on implementing this programme. The next question often asked is this:

How do I implement our security work?

Our answer to this question is the Information Security Implementation Framework.

Our framework has three phases. Segmenting the implementation in this way helps in setting achievable targets. The phases need to be compared with the priority settings in the conceptual framework, and adjustments made as necessary. These adjustments are usually influenced by the budgets and manpower available. A "moment of truth" is often experienced at this point, as the limitations are realised.

The diagram below shows these three main phases:



Each phase is divided into eight (8) subject areas as the next step to create an implementation plan. Each subject area has

This modular structure generates multiple "points of attack". Although the subject areas are interrelated, they do not necessarily depend on each other. Therefore, one subject area does not necessarily have to be completed before another activity can commence. Furthermore, as the security posture of the incorporated entity matures, the subject areas can be revisited and brought up to the level of other, more advanced subject areas.

Such a framework is beneficial because

For relevant capabilities please read the Security Programme Management, Information Security Lifecycle Management, Business Continuity Management and Incident Management sections in the Management category here.

If we can assist you in any way, please feel free to contact us for further information. Our consultants will be happy to assist you with your enquiry.
