Lomprey, Gary R.2008-10-282008-10-282008-07https://hdl.handle.net/1794/761394 p. This paper was completed as part of the final research component in the University of Oregon Applied Information Management Master's Degree Program [see htpp://aim.uoregon.edu].Not only is Information Security Strategy crucial to protect information systems, but it is central to organization survival. Harris (2006) believes security strategy should be customized because each organization is unique. Literature published from 2000 to 2008 examines information systems in the context of information security. Conclusions provide discussion of six key security policy components selected from ISO-27002 (2005), spanning definitions, objectives, management goals, controls, risk assessment, policies and standards, compliance requirements, and supporting references.DataPolicies and standardsCompliance requirementsInformation systemsAIMRisk assessmentInformation security strategyApplied Information ManagementOther