Abstract
This article concentrates on the development of an information security strategy.
An information security strategy needs to focus on an overall objective, usually the objectives laid out in an organization’s business strategy and the information technology strategy derived from it. It takes the status quo, reflects the main objectives derived from those strategies, and postulates how and when to close the identified gaps. This strategy approach for improving information security is intended for an organization that supports an automotive and captive finance enterprise, but is not restricted to this. The approach is aligned to the scope of ISO 27002 “Code of Practice for an Information Security Management System” [ISO05]. However, compliance is left out of scope.
The strategy concentrates on four areas considered relevant for information security: people, business processes, applications and infrastructure. It therefore has a clear focus on processes, stability, resilience and efficiency, which are the pillars of a successful enterprise.
Literature
eurID insights: DNS SECurity Extensions Technical Overview, 2011, http://www.eurid.eu/files/Insights_DNSSEC2.pdf
[ISO05] International Organization for Standardization: ISO 27002: Code of Practice for Information Security Management, 2005
Lenka Fibikova, Roland Mueller: “A Simplified Approach for Classifying Applications” at ISSE 2010, Berlin, Germany, October 2010.
[Syma12] Symantec: Internet Security Threat Report 2011– Trends, Volume 17, April 2012, http://www.symantec.com/content/en/us/enterprise/other_resources/b-istr_main_report_2011_21239364.en-us.pdf
[TCSR11] Hewlett-Packard: 2011 Top Cyber Security Risk Report, September 2011, http://www.hpenterprisesecurity.com/collateral/report/2011FullYearCyberSecurityRisksReport.pdf
[Veri12] Verizon: 2012 Data Breach Investigations Report, March 2012, http://www.verizonbusiness.com/resources/reports/rp_data-breach-investigations-report-2012_en_xg.pdf
© 2012 Springer Fachmedien Wiesbaden
About this chapter
Cite this chapter
Fibikova, L., Mueller, R. (2012). Threats, Risks and the Derived Information Security Strategy. In: Reimer, H., Pohlmann, N., Schneider, W. (eds) ISSE 2012 Securing Electronic Business Processes. Springer Vieweg, Wiesbaden. https://doi.org/10.1007/978-3-658-00333-3_2
DOI: https://doi.org/10.1007/978-3-658-00333-3_2
Publisher Name: Springer Vieweg, Wiesbaden
Print ISBN: 978-3-658-00332-6
Online ISBN: 978-3-658-00333-3
eBook Packages: Computer Science, Computer Science (R0)