The Information Systems Security Officers Guide: Establishing and Managing an Information Protection Program
|
Another approach to mapping is using a matrix. This method can be used in a number of ways, and at various levels, such as IWC Strategic Business Plan to ISSSP. In the example provided in Figure 6.5, some mappings are intentionally left blank to show how easy it is to identify those items that map to others, and more importantly, those that don't!
| Projects | ISSSP | ITP | IAP |
|---|---|---|---|
| InfoSec Org. | X | X | X |
| Policies & Procs. | X | ||
| InfoSec Team | X | ||
| Process Protection | X | X | |
| InfoSec Functions | X | X | |
| Support IT Changes | X | X |
This method can identify "holes" in your plans that must be addressed.
|