IT Security planning is essential to any organization. The development, appreciation, and expression of the IT security strategy and plan are the single most important factors in setting the security tone for an organization.
If you try to achieve a level of security that is too ambitious and inappropriate for the organization, you will not retain support from management. They will soon see that you are pumping money and head-count where it is not effective. Yet unless you take a high-level, whole organization approach, you will never obtain the backing or the funding to enforce any policy you write.
The strategic planning process for the whole enterprise considers several key factors. The IT security planning process should consider the same factors—which is not surprising, since it is fundamentally the same process, only focused on information security.
IT Security Planning