Is Information Security Under Control?: Investigating Quality in Information Security Management
Author: | Linda G. Wallace, Wade H. Baker |
---|---|
Year of publication: | 2007 |
Subject: |
Process management
Knowledge management Computer Networks and Communications Computer science Standard of Good Practice Certified Information Systems Security Professional Asset (computer security) Security testing Security information and event management Threat Information security audit Information security management Security management Electrical and Electronic Engineering Risk management Information security management system Cloud computing security Certified Information Security Manager business.industry Enterprise information security architecture Information security Security controls ITIL security management Security service Information security standards Information and Communications Technology Security through obscurity Security convergence business Law |
Source: | IEEE Security and Privacy Magazine. 5:36-44 |
ISSN: | 1540-7993 |
Description: | Over the past decade, organizations have sought to become more efficient and productive by adopting information and communication technologies. Organizations are consequently more aware of information security risks and the need to take appropriate action. Previous studies of organizations' use of information security controls have focused on the presence or absence of controls, rather than their quality. We designed and conducted a survey as an initial step toward meeting this challenge. To do this, we benchmarked how organizations manage information security by implementing various controls. Although security surveys are nothing new, our method aims to uncover specific details of control implementation and focus on implementation quality. With a more precise understanding of current practices, information security management can begin to properly pursue effective strategies to improve quality and lower risk. |
Database: | OpenAIRE |