Chapter 4 security management, from safeguarding your. The mission is the organization's fun4 introduction figure 1. The analysis is completed through the collection of information via human, technical, and disruption activities. If you would like to read the first part in this article series, please go to Developing an Information Security and Risk Management Strategy, Part 1: Introduction. Chapters 1 and 2 motivate the strategic approach and define security-related terms. Today's economic context is characterized by a competitive environment which is permanently changing. Download book Introduction to Information Security. In this report, the authors aim to achieve four things. Second, they explain why the current approach to employing scenario analysis to support political strategic decisions is problematic. According to PricewaterhouseCoopers' 2012 Global State of Information Security Survey, over 70% of respondents. Security strategy template available for all IT professionals who want to execute a formal strategy at their own companies, and it's available for download here. The information security strategic planning process requires understanding the organization's mission, formal management system, and culture. Information security strategic plan strategic plan strategic. As the landscape of security threats continues to evolve, security professionals must work diligently to refine their information security strategy.
Building a cybersecurity strategic plan, InsiderPro. May 07, 2014: Most introductory books about information security are about the size of this book, but are often written at a far too basic level. Written by an industry expert, Information Security Governance is the first book-length treatment of this important topic, providing readers with a step-by-step approach to developing and managing an effective information security program. Strategic security: an overview, ScienceDirect Topics. Rent Introduction to Information Security: A Strategic-Based Approach, 1st edition, 9781597499699, and save up to 80% on textbook rentals and 90% on used textbooks. Excerpted from Six Steps to a Risk-Based Security Strategy, a new, free report posted this week on Dark Reading's Risk Management Tech Center. Implementation of this function in the organization can be done through the utilization of risk assessment tools in order to depict potential risks to information security. Offers a strategy-based view of these tools and techniques, facilitating selection of overlapping methods for in-depth defense of information. Elements of information security strategy information.
An information security strategy recognizes the facts of the competitive environment, and of supplier and customer needs. But because personal computers are just that, personal, staff behavior can't always be dictated without potentially hampering workers. Information security is essential to the mission and institutional strategic goals of East Tennessee State University. An empirical study in Australia. Zijad Pita, School of Business Information Technology, RMIT University, Melbourne, Australia, zijad. A Strategic-Based Approach, authors Timothy Shimeall and Jonathan Spring of CERT are able to provide an exploratory text about the topic without getting bogged down in the more elementary items. Information security leaders and practitioners need a framework for guiding the organization around its strategic plan. The book starts with an overview of basic concepts in strategic planning, information technology strategy, and information security strategy. By providing a strategy-based introduction, the reader is given a clear. In the previous article we focused on how to develop a security strategy by checking and assessing security posture and establishing asset value. A Strategic-Based Approach by Timothy Shimeall at Indigo. Introduction to Information Security, Guide Books, ACM Digital Library. Information security strategic plan: ensure appropriate security for university information and IT systems, while promoting security awareness among the administration, faculty, staff, and students. An approach to information security strategic guidance from a board of directors or senior management perspective that seeks to integrate the three components of information security: governance, risk management, and regulatory compliance.
A Strategic-Based Approach, written by authors Timothy J. Most introductory texts provide a technology-based survey of methods and techniques that leaves the reader without a clear understanding of the interrelationships between methods and. Information technology had its start in commercial organizations in the 1950s and 1960s with the automation of routine clerical functions, specifically accounting functions. Ch 3: governance and strategic planning for security. Introduction to Information Security: A Strategic-Based. Introduction to the OCTAVE Approach, August 2003 3 2 What is the OCTAVE approach? In this excerpt of Introduction to Information Security. Security risk management approaches and methodology. By providing a strategy-based introduction, the reader is given a clear understanding of how to provide overlapping defenses for critical information. Information security strategic plan strategic plan.
This section from chapter 12 explains the importance of intrusion prevention and detection, as well as its pitfalls. Introduction to Information Security: A Strategic-Based Approach. The information assurance and cyber security strategic plan, referred to as the plan, has been prepared in response to the Chief Information Officer Council (CIOC), enterprise. We will orient towards a risk-based approach in the national organisation of Estonia's information and network security and follow the best internationally recognised standards and practices. Nuclear Regulatory Commission's (NRC's) Information Security Strategic Plan (ISSP) for fiscal year (FY) 2010-2015 describes how the information security (IS) program contributes to the agency's mission and provides high-level direction and prioritization for NRC internal IS. A practical guide to defining an information security strategy is then provided, covering the nuts and bolts of defining long-term information security goals that effectively protect information resources. Provides very current view of the emerging standards of practice in information security. Because system security is the aggregate of individual component security, system boundaries must encompass individual users and their workstations. Jun 12, 2006: The following is an excerpt from Information Security.
Buy the paperback book Introduction to Information Security. This paper provides key elements which should be included in any organization's information security strategy to ensure proactive and reactive information security controls. Strategic counterintelligence analysis conducted for policy makers of the state, non-state actors, and security and operational intelligence gathering entities. This paper examines a risk-based approach that can help organizations plan and implement an information security program. An information security strategic planning methodology. A Strategic-Based Approach: most introductory texts provide a technology-based survey of methods and techniques that leaves the reader without. In order to maintain the authenticity and the accuracy of the. One obvious approach that, to the best of our knowledge, has not been addressed in either the academic or practitioner literatures would be to closely and explicitly align the information security policy with the strategic information systems plan, which in turn should be based upon corporate objectives. Management of the risk: another vital function of the CISO is managing the risks, which are interrelated with the functions of continuous assessment. Building a cybersecurity strategic plan: these types of plans are cybersecurity road maps that establish pathways an organization can follow to improve its overall risk management approach. The last approach, and the one I believe is the most effective, focuses on prevention and presenting a well-architected and consolidated approach to cyber security. A Strategic-Based Approach, April 2014, book, Timothy J. Offers a strategy-based view of these tools and techniques, facilitating selection of overlapping methods for in-depth defense of information.
Elements of information security strategy, information technology essay, abstract. Jonathan M. Spring: the purpose of this book is primarily to develop a strategic method of thinking about information security. A strategic approach: strategy and information technology. Information technology had its start in commercial organizations in the 1950s and 1960s with the automation of routine clerical functions, specifically accounting functions. The external environment affects both the overall organization and the specific challenges facing its information security function. About Wisegate: Wisegate is a member-based IT research company that serves the industry's most senior-level IT practitioners. One of the results of this experiment is that there was little sharing of information between districts in New Zealand. Effective security strikes a balance between protection and convenience. Beginning with a general overview of governance, the book covers. Developing a strategic plan might seem like an overwhelming process, but if you break it down, it's easy to tackle. Information security strategy, organisational strategy, security quality, strategic information systems, business management. 1 Introduction. Information resources play a critical role in sustaining business success by driving innovation and opportunities for the development of competitive advantage. The authors provide a strategy-based introduction to providing defenses as a basis for engineering and risk-management decisions in the defense of.
Feb 10, 2017: information security strategic management. A Strategic-Based Approach: most introductory texts provide a technology-based survey of methods and. Road maps are a common approach to articulate that plan. To face this fierce competition, managers must take the correct strategic decisions based on real information.
The book provides a good balance between the broad aspects of information security, privacy and risk management. The following is an excerpt from the book Introduction to Information Security. If a strategy approach is chosen, then steps would be needed to implement the strategy, including decisions about exactly what the prioritized means will comprise, what programs will be employed, what funds will be allocated, and how the counterterrorism strategy will be integrated with other U. The aim of this paper is to identify a strategic approach to securing information resources for the.
An information security strategic road map is a time-based plan that defines where a business is, where it wants to go, and how to get it there. The four strategic stages developed are deception, frustration, resistance, and recognition/recovery. First, they distinguish between political strategic and military decisions in the work of defense planning. Top-down approach: initiated by upper management; issue policy, procedures, and processes; dictate goals and expected outcomes of project; determine accountability for each required action; the most successful also involve formal development strategy referred to as systems development life cycle. The authors provide a strategy-based introduction to providing defenses as a basis for engineering and risk-management decisions in the defense of information. Aid the development of a well-designed security management approach and thereby help to mitigate your organisation's legal and. Developing the corporate strategy for information security. Most introductory texts provide a technology-based survey of methods and techniques that leaves the reader without a clear understanding of the interrelationships between methods and techniques. It also details six steps for developing and implementing information security initiatives. Developing a security strategy is a detailed process that involves initial assessment, planning, implementation and constant monitoring. Introduction to Information Security, ScienceDirect. Key features: provides a broad introduction to the methods and techniques in the field of information security.
Most introductory texts provide a technology-based survey of methods and techniques that leaves the reader without a clear understanding of the. Approaches and methodologies for strategic information systems planning. A Strategic-Based Approach: most introductory texts provide a technology-based survey of methods and techniques that leaves the reader without. Strategic planning for information security, Robert Wentworth, GSEC assignment 1. Approaches and methodologies for strategic information. The authors provide a strategy-based introduction to providing defenses as a basis for engineering and risk-management decisions in the defense of information.
Baldwin: redefining security has recently become something of a cottage industry. Introduction to Information Security, 1st edition, Elsevier. Apr 19, 2016: download book Introduction to Information Security. Provides a broad introduction to the methods and techniques in the field of information security. The most effective cyber security strategy today must, of course, address the best way to avoid risk and mitigate threats. The paper will then demonstrate how investing in certificate. Risk-based approach: implement information security program. Introduction to Information Security: A Strategic-Based Approach. Payroll and general ledger were among the first processes to become automated. Approaches to information security implementation: top-down. In doing so, it identifies several types of information security risks. It then outlines the proposed approach to managing information security initiatives, identifying the two types of risk commonly involved in technology projects and a formula for calculating a risk's impact.
The following is an excerpt from Information Security. Most introductory texts provide a technology-based survey of methods and techniques that leaves the reader without a clear understanding of the interrelationships between methods and. Chapters 3-15 are organized around a certain type of contribution to a strategic area. Most introductory texts provide a technology-based survey of methods and techniques that leaves the reader without a clear understanding of the interrelationships between methods and techniques. Developing an information security and risk management. All too often, individual projects implement point solutions to address their specific project's requirements without considering the wider implications of security. Information security is a strategic approach that should be based on a solid, holistic framework.