Though cyberthreat is increasingly growing, most organizations still pursue a low-level technical approach to IT/IS security. The current thesis investigates the benefits of taking a strategic perspective and aims at developing guidance for strategic IT/IS security planning.