Threats, Risks and the Derived Information Security Strategy

  • Lenka Fibikova
  • Roland Mueller
Chapter

Abstract

This article concentrates on the development of an information security strategy.

An information security strategy needs to focus on an overall objective, usually the objectives laid out in an organization’s business strategy and its derived information technology strategy. It takes the status quo, reflects the main derived objectives, and postulates how and when to close the identified gaps. This strategy approach for improving information security is intended for an organization which supports an automotive and captive finance enterprise, but is not restricted to this. The approach is aligned to the scope of ISO 27002 “Code of Practice for an Information Security Management System” [ISO05]. However, compliance is left out of the scope.

The strategy concentrates on four areas considered relevant for information security: people, business processes, applications and infrastructure. It therefore has a clear focus on processes, stability, resilience and efficiency, which are the pillars of a successful enterprise.

Keywords

Business Process; Information Security; Information User; Virtual Server; Local Entity
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Literature

  1. [DNSS 11] eurID insights: DNS SECurity Extensions Technical Overview, 2011, http://www.eurid.eu/files/Insights_DNSSEC2.pdf
  2. [ISO05] International Organization for Standardization – ISO 27002: Code of Practice for Information Security Management, 2005
  3. [LFRM10] Lenka Fibikova, Roland Mueller: “A Simplified Approach for Classifying Applications” at ISSE 2010, Berlin, Germany, October 2010.
  4. [Syma12] Symantec: Internet Security Threat Report 2011 – Trends, Volume 17, April 2012, http://www.symantec.com/content/en/us/enterprise/other_resources/b-istr_main_report_2011_21239364.en-us.pdf
  5. [TCSR11] Hewlett-Packard: 2011 Top Cyber Security Risk Report, September 2011, http://www.hpenterprisesecurity.com/collateral/report/2011FullYearCyberSecurityRisksReport.pdf
  6. [Veri12] Verizon: 2012 Data Breach Investigations Report, March 2012, http://www.verizonbusiness.com/resources/reports/rp_data-breach-investigations-report-2012_en_xg.pdf

Copyright information

© Springer Fachmedien Wiesbaden 2012

Authors and Affiliations

  1. Daimler Northeast Asia Ltd, Beijing, China
  2. Daimler Financial Services AG, Berlin, Germany