A context for information systems security planning

Management is often rightfully dissatisfied with the performance of many information security efforts. After considerable resources have been invested and results have been awaited for a long time, many efforts can demonstrate little if any significant improvement. This is largely due to a lack of planning: many efforts lack explicitly articulated plans as well as specific performance milestones. Although many practitioners are loath to admit it, information security efforts at many organizations lack formal planning and performance monitoring. Management's dissatisfaction with information security is exemplified by the seriously inadequate staffing levels found at a large number of organizations. When management is convinced that information security is a prudent investment, it will respond with additional resources. This article examines why information security efforts are often ineffective and why more formal planning can alleviate this condition. It discusses the tools best used to prepare an action plan for information security and gives some tips on how to sell such a plan to management. Also discussed are organizational design, policies, standards, and guidelines, along with the other elements of the foundation that is required if an effective information security planning process is to be sustained. The article focuses on establishing a context for effective information security planning.