Addressing Dynamic Issues in Information Security Management
2011 (English)In: Information Management & Computer Security, ISSN 0968-5227, Vol. 19, no 1, 5-24 p.Article in journal (Refereed) Published
Purpose – The paper addresses three main problems resulting from uncertainty in information securitymanagement: i) dynamically changing security requirements of an organization ii) externalities caused by a securitysystem and iii) obsolete evaluation of security concerns.
Design/methodology/approach – In order to address these critical concerns, a framework based on optionsreasoning borrowed from corporate finance is proposed and adapted to evaluation of security architecture anddecision-making for handling these issues at organizational level. The adaptation as a methodology is demonstrated by a large case study validating its efficacy.
Findings – The paper shows through three examples that it is possible to have a coherent methodology, buildingon options theory to deal with uncertainty issues in information security at an organizational level.
Practical implications – To validate the efficacy of the methodology proposed in this paper, it was applied tothe SHS (Spridnings- och Hämtningssystem: Dissemination and Retrieval System) system. The paper introduces themethodology, presents its application to the SHS system in detail and compares it to the current practice.
Originality/value – This research is relevant to information security management in organizations, particularlyissues on changing requirements and evaluation in uncertain circumstances created by progress in technology.
Place, publisher, year, edition, pages
UK: Emerald Group Publishing Limited , 2011. Vol. 19, no 1, 5-24 p.
Dynamic Security Requirement Management, IT Security Externalities, Re-evaluation of IT Products
Computer and Information Science
IdentifiersURN: urn:nbn:se:kth:diva-19429ScopusID: 2-s2.0-79955624015OAI: oai:DiVA.org:kth-19429DiVA: diva2:337617
Updated from submitted to published. QC 201203232010-08-082010-08-082012-03-23Bibliographically approved