Information Security Policy and Strategy

Well-developed and documented policies and strategies are the best-practice form of control in information security (IS) (Rhodes-Ousley, 2013, p. 58). Given the significance of IS for healthcare (Landi, 2015), implementing these practices appears to be a must for the industry.


A strategy is a “complete plan for defense, detection, and deterrence” that includes all the relevant elements in it; policy is a description of “management intent for information protection” (Rhodes-Ousley, 2013, pp. 20, 58). There is no unified classification for the phenomena, but some general features allow researchers and practitioners to group IS policies and strategies into types. For instance, Ahmad, Maynard, and Park (2012) discuss the preventive strategy (PS) type that is primarily aimed at preventing any attack, disclosure, or breach. The authors point out that the use of PS is explained by the specifics of the organization: preventive measures are designed for particularly vulnerable industries.

PS employs a variety of elements in its IS plan. For instance, the use of multiple technological safeguards, which are required by HIPAA (Murray, Calhoun, & Philipsen, 2011), is a form of technological PS measure. In particular, the employment of encryption is a viable strategy (Landi, 2015). Also, vulnerability checking, monitoring, and maintenance are important for PS (Ahmad et al., 2012). Finally, Ahmad et al. (2012) mention certain policies, especially the clean desk policy, that can promote PS. This policy implies that enforcement measures are also to be introduced into PS, including compliance-ensuring measures (both carrot and stick ones) and training (Chen, Ramamurthy, & Wen, 2012).

Thus, PS can be aligned with current legislation as well as the company’s specifics and security-related objectives. Apart from that, PS does add value to stakeholders’ well-being. Here, the inclusion of extensive employee training in the strategy is illustrative because it is of benefit to employees as well as other stakeholders (Landi, 2015). Indeed, training makes sure that employees are capable of protecting the data, which improves security and also helps employees to avoid doing harm unintentionally.

The key point of PS consists of directing multiple efforts at ensuring that security breaches do not occur, which applies to healthcare organizations due to their vulnerability and the simultaneous need for the protection of sensitive information. The mechanisms and elements of PS are multiple, but training, which is included in PS, is also a major vehicle which ensures that the policy and strategy are understood and assimilated.


Ahmad, A., Maynard, S., & Park, S. (2012). Information security strategies: Towards an organizational multi-strategy perspective. Journal of Intelligent Manufacturing, 25(2), 357-370.

Chen, Y., Ramamurthy, K., & Wen, K. (2012). Organizations’ information security policy compliance: Stick or carrot approach? Journal of Management Information Systems, 29(3), 157-188.


Landi, H. (2015). Data security: The importance of planning, training and having a risk-management strategy. Web.

Murray, T., Calhoun, M., & Philipsen, N. (2011). Privacy, confidentiality, HIPAA, and HITECH: Implications for the health care practitioner. The Journal for Nurse Practitioners, 7(9), 747-752. Web.

Rhodes-Ousley, M. (2013). Information security: The complete reference, second edition (2nd ed.). New York, NY: McGraw-Hill.

StudyCorgi. (2020, October 28). Information Security Policy and Strategy. Retrieved from
