Abstract
The successful management of information security within an organization is vital to its survival and success. However, previous research and methodologies on ISP (Information Strategy Planning) do not take security controls into consideration in strategy planning. This paper addresses the difficult problems that organizations face in business environments when they try to develop strategy plans for information security, by providing a methodology framework, a process model and essential tools.
Copyright information
© 2004 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Kim, S., Leem, C.S. (2004). An Information Engineering Methodology for the Security Strategy Planning. In: Laganá, A., Gavrilova, M.L., Kumar, V., Mun, Y., Tan, C.J.K., Gervasi, O. (eds) Computational Science and Its Applications – ICCSA 2004. ICCSA 2004. Lecture Notes in Computer Science, vol 3043. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-24707-4_71
DOI: https://doi.org/10.1007/978-3-540-24707-4_71
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-22054-1
Online ISBN: 978-3-540-24707-4
eBook Packages: Springer Book Archive