• DocumentCode
    3372059
  • Title

    Strategic Planning for Information Security and Assurance

  • Author

    Port, Daniel ; Kazman, Rick ; Takenaka, Ann

  • Author_Institution
    Dept. of Inf. Technol. Manage., Hawaii Univ., Hilo, HI
  • fYear
    2008
  • fDate
    24-26 April 2008
  • Firstpage
    466
  • Lastpage
    471
  • Abstract
    Dealing with risk is critical to the success of any information security and assurance endeavor. With society's ever-increasing dependence on large-scale information systems, dealing with security risk is a topic of considerable importance and attention. It is generally infeasible to provide "total security" for any information system. As a result, successful risk management must be strategically planned with regard to desired assurance levels and costs. In this paper we define the practices associated with strategic planning for managing information security and assurance. We provide a concrete and practical approach for generating such strategic plans that is provably optimal and robust.
  • Keywords
    information systems; risk management; security of data; strategic planning; information assurance; information security; large-scale information system; risk management; security risk; strategic planning; Conference management; Costs; Data security; Information management; Information security; Information technology; Management information systems; Risk management; Robustness; Strategic planning; security planning; security risk management; strategic planning;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Information Security and Assurance, 2008. ISA 2008. International Conference on
  • Conference_Location
    Busan
  • Print_ISBN
    978-0-7695-3126-7
  • Type

    conf

  • DOI
    10.1109/ISA.2008.88
  • Filename
    4511612