Developing an information security plan

Developing an information security plan is a daunting task that requires careful planning and execution. Information security plans can be combined with information assurance programs that are integrated sets of business and technological processes. Information assurance programs just like information security programs must be deliberately designed and deployed through strategic planning activities of an organization. Information assurance can only be achieved if organizations take a holistic approach focusing on technology, operation, and people. Each of these facets of information security framework should receive equal attention and design in a way that they can work in harmony. Each organization should perform a risk analysis as part of their information security roadmap, a risk analysis determines which assets are more valuable and need more resources dedicated to detect, prevent and avoid security incidents that could harm the organization and its stakeholders.