Share a link:
https://casecent.re/p/5344
Write a review
|
No reviews for this item
This product has not been used yet
Abstract
Information security is not a technical issue; it is a management issue. It rests on three cornerstones - critical infrastructures, organization, and technology. Although critical infrastructures are beyond the direct control of the organization, balancing them is a critical component of corporate governance. Total security is neither technically feasible nor operationally practicable. Therefore, the organization must determine which information assets must be protected and the degree of protection. As Internet based commerce diffuses through society, there will be decreasing tolerance on the part of customers for losses stemming from perceived or actual cyber vulnerabilities. Only senior management can initiate the plans and policies that address the different aspects of security in a balanced and integrated manner. Leaving security primarily to the IT function will strengthen just one of the cornerstones - namely, technology - and will not yield the intended results. Security lapses are management failures more than technical failures. This article presents an organizational security approach that senior managers can use as a roadmap to initiate security plans and policies and audit their implementation.
About
Abstract
Information security is not a technical issue; it is a management issue. It rests on three cornerstones - critical infrastructures, organization, and technology. Although critical infrastructures are beyond the direct control of the organization, balancing them is a critical component of corporate governance. Total security is neither technically feasible nor operationally practicable. Therefore, the organization must determine which information assets must be protected and the degree of protection. As Internet based commerce diffuses through society, there will be decreasing tolerance on the part of customers for losses stemming from perceived or actual cyber vulnerabilities. Only senior management can initiate the plans and policies that address the different aspects of security in a balanced and integrated manner. Leaving security primarily to the IT function will strengthen just one of the cornerstones - namely, technology - and will not yield the intended results. Security lapses are management failures more than technical failures. This article presents an organizational security approach that senior managers can use as a roadmap to initiate security plans and policies and audit their implementation.