Strategic, Tactical, & Operational Management Security Model

Abstract

Information security can be viewed as being different, at different levels of management. Strategic management involves creating security policies, dealing with people issues, and evaluating threats and risks. Tactical management involves how the security systems are developed and implemented to meet policy requirements. Operational management involves maintaining and monitoring the enforcement of information security policies. This paper presents and explains information security from a managerial level perspective and how curriculum supports the model of the different information security needs of strategic (why), tactical (how), and operational (what) management.