Developing Internet security policy for organizations

The paper describes a general framework for developing an organization's Internet security policy. A model of Internet security risks for an Internet user organization is proposed; the framework uses this model, together with important holistic issues, to develop the user organization's Internet security policy. A hierarchy of subpolicies for the Internet security policy is also suggested. The paper presents the results of one phase of a wider investigation into Internet security policy.
