Drivers Metrics and Best Practices for Information Security
نویسنده
چکیده
Information security is one of the top problems of business executive and information system managers alike. Pervasive use of information technology in all aspects of business today as well as highlighted need for regulatory compliance calls for analysis of information systems in their entirety – going beyond technical aspects and considering people and organizations as well. In my dissertation, I am studying the motivations and incentives of parties involved in information security interactions using economic analysis. I propose to identify the drivers of information security decisions, metrics of information security effectiveness and incentive mechanisms that make security policies work. I employ tools of economics and game theory as well as analyze empirical information security performance data collected in collaboration with a major IT security service provider.
منابع مشابه
Enterprise Information Security Policy Assessment - An Extended Framework for Metrics Development Utilising the Goal-Question-Metric Approach
Effective enterprise information security policy management requires review and assessment activities to ensure information security policies are aligned with business goals and objectives. As security policy management involves the elements of policy development process and the security policy as output, the context for security policy assessment requires goal-based metrics for these two eleme...
متن کاملExploring the Type of Relationship between Information Security Management and Organizational Culture (Case Study in TAM Iran Khodro Co.)
A culture conducive to information security practice is extremely important for organizations since information has to be critical assets in modern enterprises. Thus for understanding and improving the organizational behavior with regard to information security, enterprises may look into organizational culture and examine how it affects the effectiveness of implementing ISM. This study aims ...
متن کاملExploring the Type of Relationship between Information Security Management and Organizational Culture (Case Study in TAM Iran Khodro Co.)
A culture conducive to information security practice is extremely important for organizations since information has to be critical assets in modern enterprises. Thus for understanding and improving the organizational behavior with regard to information security, enterprises may look into organizational culture and examine how it affects the effectiveness of implementing ISM. This study aims ...
متن کاملSecurity Metrics for e-Healthcare Information Systems: A Domain Specific Metrics Approach
Information sharing among different healthcare organizations is critical for efficient and cost effective healthcare service delivery. Healthcare organisations with information systems need to be interconnected to ensure information exchange. Interconnectivity increases exposure to risk of damage, loss and fraud. Security and privacy of patients’ information are concerns of all healthcare organ...
متن کاملA Novel Security Metrics Taxonomy for R&D Organisations
In order to obtain evidence of the security and privacy issues of products, services or an organization, systematic approaches to measuring security are needed. In this study we survey the emerging security metrics approaches from the academic, governmental and industrial perspectives. We aim to bridge the gaps between business management, information security management and ICT product securit...
متن کامل