We will orient towards a risk-based approach in the national organisation of Estonia's information and network security and follow the best internationally recognised standards and practices. Chapters 3-15 are organized around a certain type of contribution to a strategic area. The last approach, and the one I believe is the most effective, focuses on prevention and presenting a well-architected and consolidated approach to cyber security. This paper provides key elements which should be included in any organization's information security strategy to ensure proactive and reactive information security controls. The following is an excerpt from information security. An information security strategic planning methodology. Security risk management approaches and methodology. The information assurance and cyber security strategic plan, referred to as the plan, has been prepared in response to the Chief Information Officer Council (CIOC), enterprise. Ch 3 governance and strategic planning for security. The paper will then demonstrate how investing in certificate.
A strategic-based approach most introductory texts provide a technology-based survey of methods and techniques that leaves the reader without. It then outlines the proposed approach to managing information security initiatives, identifying the two types of risk commonly involved in technology projects and a formula for calculating a risk's impact. This section from chapter 12 explains the importance of intrusion prevention and detection, as well as its pitfalls. But because personal computers are just that, personal, staff behavior can't always be dictated without potentially hampering workers. A strategic-based approach April 2014 book Timothy J. Developing the corporate strategy for information security. In the previous article we focused on how to develop a security strategy by checking and assessing security posture and establishing asset value. Information technology had its start in commercial organizations in the 1950s and 1960s with the automation of routine clerical functions, specifically accounting functions. This paper examines a risk-based approach that can help organizations plan and implement an information security program. Beginning with a general overview of governance, the book covers. A strategic-based approach written by authors Timothy J. The aim of this paper is to identify a strategic approach to securing information resources for the. Introduction to the OCTAVE approach August 2003 3 2 what is the OCTAVE approach. If you would like to read the first part in this article series please go to Developing an information security and risk management strategy part 1 introduction.
Key features: provides a broad introduction to the methods and techniques in the field of information security. Payroll and general ledger were among the first processes to become automated. An approach to information security strategic guidance from a board of directors or senior management perspective that seeks to integrate the three components of information security governance, risk management, and regulatory compliance. May 07, 2014 Most introductory books about information security are about the size of this book, but are often written at a far too basic level. The information security strategic planning process requires understanding the organization's mission, formal management system, and culture. Most introductory texts provide a technology-based survey of methods and techniques that leaves the reader without a clear understanding of the interrelationships between methods and. Building a cybersecurity strategic plan: these types of plans are cybersecurity road maps that establish pathways an organization can follow to improve its overall risk management approach.
Most introductory texts provide a technology-based survey of methods and techniques that leaves the reader without a clear understanding of the interrelationships between methods and techniques. Introduction to information security: a strategic-based approach. One obvious approach that to the best of our knowledge has not been addressed in either the academic or practitioner literatures would be to closely and explicitly align the information security policy with the strategic information systems plan, which in turn should be based upon corporate objectives. Most introductory texts provide a technology-based survey of methods and techniques that leaves the reader without a clear understanding of the interrelationships between methods and. Information security strategic plan: ensure appropriate security for university information and IT systems, while promoting security awareness among the administration, faculty, staff, and students. A strategic-based approach most introductory texts provide a technology-based survey of methods and. Download book introduction to information security. The analysis is completed through the collection of information via human, technical, and disruption activities. The external environment affects both the overall organization and the specific challenges facing its information security function. Information security strategic plan strategic plan. An information security strategy recognizes the facts of the competitive environment, and of supplier and customer needs.
Apr 19, 2016 Download book introduction to information security. By providing a strategy-based introduction, the reader is given a clear understanding of how to provide overlapping defenses for critical information. Building a cybersecurity strategic plan InsiderPro. Introduction to information security: a strategic-based approach. Most introductory texts provide a technology-based survey of methods and techniques that leaves the reader without a clear understanding of the. A strategic approach: strategy and information technology. Information technology had its start in commercial organizations in the 1950s and 1960s with the automation of routine clerical functions, specifically accounting functions. Offers a strategy-based view of these tools and techniques, facilitating selection of overlapping methods for in-depth defense of information. Developing a security strategy is a detailed process that involves initial assessment, planning, implementation and constant monitoring. An empirical study in Australia. Zijad Pita, School of Business Information Technology, RMIT University, Melbourne, Australia, zijad. Information security strategic plan strategic plan strategic. Buy the paperback book introduction to information security. Road maps are a common approach to articulate that plan. Provides very current view of the emerging standards of practice in information security. Provides a broad introduction to the methods and techniques in the field of information security.
About Wisegate: Wisegate is a member-based IT research company that serves the industry's most senior-level IT practitioners. Introduction to information security: a strategic-based. Chapter 4 security management, from safeguarding your. Jonathan M Spring: the purpose of this book is primarily to develop a strategic method of thinking about information security. As the landscape of security threats continues to evolve, security professionals must work diligently to refine their information security strategy. Strategic counterintelligence analysis conducted for policy makers of the state, non-state actors, and security and operational intelligence gathering entities. Information security strategy, organisational strategy, security quality, strategic information systems, business management. 1 Introduction: information resources play a critical role in sustaining business success by driving innovation and opportunities for the development of competitive advantage. The most effective cyber security strategy today must, of course, address the best way to avoid risk and mitigate threats. Most introductory texts provide a technology-based survey of methods and techniques that leaves the reader without a clear understanding of the interrelationships between methods and techniques. Because system security is the aggregate of individual component security, system boundaries must encompass individual users and their workstations. All too often, individual projects implement point solutions to address their specific project's requirements without considering the wider implications of security. Information security is a strategic approach that should be based on a solid, holistic framework. Developing a strategic plan might seem like an overwhelming process, but if you break it down, it's easy to tackle.
Top-down approach: initiated by upper management; issue policy, procedures, and processes; dictate goals and expected outcomes of project; determine accountability for each required action; the most successful also involve formal development strategy referred to as systems development life cycle. Strategic security: an overview, ScienceDirect topics.
Rent Introduction to information security: a strategic-based approach, 1st edition, 9781597499699 and save up to 80% on textbook rentals and 90% on used textbooks. A strategic-based approach, authors Timothy Shimeall and Jonathan Spring of CERT are able to provide an exploratory text about the topic without getting bogged down in the more elementary items. Introduction to information security, guide books, ACM Digital Library. An information security strategic road map is a time-based plan that defines where a business is, where it wants to go, and how to get it there. Feb 10, 2017 Information security strategic management. Written by an industry expert, Information Security Governance is the first book-length treatment of this important topic, providing readers with a step-by-step approach to developing and managing an effective information security program. Most introductory books about information security are about the size of this book, but are often written at a far too basic level.
Chapters 1 and 2 motivate the strategic approach and define security-related terms. Free shipping and pickup in store on eligible orders. Security strategy template available for all IT professionals who want to execute a formal strategy at their own companies, and it's available for download here. A strategic-based approach by Timothy Shimeall and Jonathan Spring, published by Elsevier Science and Technology Books. The book provides a good balance between the broad aspects of information security, privacy and risk management. Approaches to information security implementation: top down. The book starts with an overview of basic concepts in strategic planning, information technology strategy, and information security strategy. In doing so, it identifies several types of information security risks. Risk-based approach: implement information security program. By providing a strategy-based introduction, the reader is given a clear. One of the results of this experiment is that there was little sharing of information between districts in New Zealand. Jun 12, 2006 The following is an excerpt from information security. If a strategy approach is chosen, then steps would be needed to implement the strategy, including decisions about exactly what the prioritized means will comprise, what programs will be employed, what funds will be allocated, and how the counterterrorism strategy will be integrated with other u.
Intelligence-led policing is encouraged throughout the districts of the New Zealand Police, and is implemented throughout the country and is an implementation of intelligence-led policing throughout an entire country. Approaches and methodologies for strategic information systems planning. A strategic-based approach most introductory texts provide a technology-based survey of methods and techniques that leaves the reader without. To face this fierce competition, managers must take the correct strategic decisions based on real information. The mission is the organization's fun4 introduction figure 1. Approaches and methodologies for strategic information. In order to maintain the authenticity and the accuracy of the. Aid the development of a well-designed security management approach and thereby help to mitigate your organisation's legal and. Introduction to information security, 1st edition, Elsevier. Implementation of this function in the organization can be done through the utilization of risk assessment tools in order to depict potential risks to information security. In this excerpt of introduction to information security. A strategic-based approach by Timothy Shimeall at Indigo.
Nuclear Regulatory Commission's (NRC's) Information Security Strategic Plan (ISSP) for fiscal year (FY) 2010-2015 describes how the information security (IS) program contributes to the agency's mission and provides high-level direction and prioritization for NRC internal IS. The four strategic stages developed are deception, frustration, resistance, and recognition/recovery. In this report, the authors aim to achieve four things. Strategic planning for information security, Robert Wentworth, GSEC assignment 1. Baldwin: redefining security has recently become something of a cottage industry. Developing an information security and risk management.
The following is an excerpt from the book Introduction to information security. Information security is essential to the mission and institutional strategic goals of East Tennessee State University. A practical guide to defining an information security strategy is then provided, covering the nuts and bolts of defining long-term information security goals that effectively protect information resources. By providing a strategy-based introduction, the reader is given a clear understanding of how to provide overlapping defenses for critical information. Management of the risk: another vital function of the CISO is managing the risks, which are interrelated with the functions of continuous assessment. Elements of information security strategy, information technology essay, abstract. Effective security strikes a balance between protection and convenience. The authors provide a strategy-based introduction to providing defenses as a basis for engineering and risk-management decisions in the defense of.
The authors provide a strategy-based introduction to providing defenses as a basis for engineering and risk-management decisions in the defense of information. Introduction to information security, ScienceDirect. Information security leaders and practitioners need a framework for guiding the organization around its strategic plan. According to Price Waterhouse Coopers' 2012 Global State of Information Security Survey, over 70% of respondents. Elements of information security strategy information. The authors provide a strategy-based introduction to providing defenses as a basis for engineering and risk-management decisions in the defense of information. First, they distinguish between political strategic and military decisions in the work of defense planning.