House of Security: Locale Roles and Resources for Ensuring Information Security

In this paper we redefine information security by extending its definition in three salient avenues: locale (beyond the boundary of an enterprise to include partner organizations), role (beyond the information custodians' view to include information consumers' and managers' views), and resource (beyond technical dimensions to include managerial dimensions). Based on our definition, we develop a model of information security, which we call the House of Security. This model has eight constructs, Vulnerability, Accessibility, Confidentiality, IT Resources for Security, Financial Resources for Security, Business Strategy for Security, Security Policy and Procedures, and Security Culture. We have developed a questionnaire to measure the assessment and importance of information security along these eight aspects. The questionnaire covers multiple locales and questionnaire respondents cover multiple roles. Data collection is currently in process. Results from our analysis of the collected data will be ready for presentation at the conference.
