Business Oriented Information Security Management - A Layered Approach

Information Security Management has become a top management priority because organizations depend increasingly on information and on the information and communication technologies that underpin it. While several efforts have been undertaken to set up physical, technical and organizational concepts to secure the information infrastructure, economic aspects have been widely neglected despite growing management interest. This paper presents a layered model for managing information security with a strong economic focus, introducing a comprehensive concept that explicitly links business goals to information security goals.
