Online from: 1993
Subject Area: Information and Knowledge Management
Options: To add Favourites and Table of Contents Alerts please take a Emerald profile
|Title:||Addressing dynamic issues in information security management|
|Author(s):||Haider Abbas, (ECS, ICT, Royal Institute of Technology, Stockholm, Sweden), Christer Magnusson, (Department of Computer and System Sciences, Stockholm University, Stockholm, Sweden), Louise Yngstrom, (Department of Computer and System Sciences, Stockholm University, Stockholm, Sweden), Ahmed Hemani, (ECS, ICT, Royal Institute of Technology, Stockholm, Sweden)|
|Citation:||Haider Abbas, Christer Magnusson, Louise Yngstrom, Ahmed Hemani, (2011) "Addressing dynamic issues in information security management", Information Management & Computer Security, Vol. 19 Iss: 1, pp.5 - 24|
|Keywords:||Data security, Generation and dissemination of information, Information systems|
|Article type:||Conceptual paper|
|DOI:||10.1108/09685221111115836 (Permanent URL)|
|Publisher:||Emerald Group Publishing Limited|
Purpose – The purpose of this paper is to address three main problems resulting from uncertainty in information security management: dynamically changing security requirements of an organization; externalities caused by a security system; and obsolete evaluation of security concerns.
Design/methodology/approach – In order to address these critical concerns, a framework based on options reasoning borrowed from corporate finance is proposed and adapted to evaluation of security architecture and decision making for handling these issues at organizational level. The adaptation as a methodology is demonstrated by a large case study validating its efficacy.
Findings – The paper shows through three examples that it is possible to have a coherent methodology, building on options theory to deal with uncertainty issues in information security at an organizational level.
Practical implications – To validate the efficacy of the methodology proposed in this paper, it was applied to the Spridnings-och Hämtningssystem (SHS: dissemination and retrieval system) system. The paper introduces the methodology, presents its application to the SHS system in detail and compares it to the current practice.
Originality/value – This research is relevant to information security management in organizations, particularly issues on changing requirements and evaluation in uncertain circumstances created by progress in technology.
To purchase this item please login or register.
Complete and print this form to request this document from your librarian