INFORMATION SECURITY OBJECTIVES AND PRACTICES

Information security is a management problem, not atechnology one. Experience indicates that technologycannot provide all the answers to the problems posedby people in the context of information securitymanagement (ISM). Although many different frameworksand guidelines have been proposed by researchers,practitioners, consultants, government andorganizations, current information securityobjectives and practices are inconsistent ormisleading to practitioners. Concepts in the fieldof ISM are largely based on case studies, anecdotalevidence and the prescription ofindustry "leaders". There is little consensus onwhich security objectives should be achieved, whichfactors are critical to achieve successful securityinitiatives, and what is the relationship betweenbest practices and objectives.To help practitioners effectively achieve theirinformation security goals, this study aims toanswer these questions.

Autorentext

Dr. Ma's research interests include IS/IT adoption, e-commerce, and info security management. His articles have appeared in The Communications of the AIS, Information & Management, Database of Advances, J. of Organizational & End User Computing, Intl J. of Healthcare Technology & Management, and Information Management & Computer Security.

Klappentext
Information security is a management problem, not a technology one. Experience indicates that technology cannot provide all the answers to the problems posed by people in the context of information security management (ISM). Although many different frameworks and guidelines have been proposed by researchers, practitioners, consultants, government and organizations, current information security objectives and practices are inconsistent or misleading to practitioners. Concepts in the field of ISM are largely based on case studies, anecdotal evidence and the prescription of industry "leaders". There is little consensus on which security objectives should be achieved, which factors are critical to achieve successful security initiatives, and what is the relationship between best practices and objectives. To help practitioners effectively achieve their information security goals, this study aims to answer these questions.