Threats, Risks and the Derived Information Security Strategy
This article concentrates on the development of an information security strategy.
An information security strategy needs to focus on an overall objective, usually the objectives laid out in an organization’s business strategy and its derived information technology strategy. It takes the status quo, reflects the main objectives derived, and postulates how and when to close the identified gaps. This strategy approach for improving information security is intended for an organization which supports an automotive and captive finance enterprise, but it is not restricted to this. The approach is aligned to the scope of ISO 27002 “Code of Practice for an Information Security Management System” [ISO05]. However, compliance is left out of the scope.
The strategy concentrates on four areas considered the relevant areas for information security: people, business processes, applications and infrastructure. It therefore has a clear focus on processes, stability, resilience and efficiency, which are the pillars of a successful enterprise.
Keywords: Business Process, Information Security, Information User, Virtual Server, Local Entity
- [DNSS11] eurID insights: DNS SECurity Extensions Technical Overview, 2011, http://www.eurid.eu/files/Insights_DNSSEC2.pdf
- [ISO05] International Organization for Standardization – ISO 27002: Code of Practice for Information Security Management, 2005.
- [LFRM10] Lenka Fibikova, Roland Mueller: “A Simplified Approach for Classifying Applications” at ISSE 2010, Berlin, Germany, October 2010.
- [Syma12] Symantec: Internet Security Threat Report 2011 – Trends, Volume 17, April 2012, http://www.symantec.com/content/en/us/enterprise/other_resources/b-istr_main_report_2011_21239364.en-us.pdf
- [TCSR11] Hewlett-Packard: 2011 Top Cyber Security Risk Report, September 2011, http://www.hpenterprisesecurity.com/collateral/report/2011FullYearCyberSecurityRisksReport.pdf
- [Veri12] Verizon: 2012 Data Breach Investigations Report, March 2012, http://www.verizonbusiness.com/resources/reports/rp_data-breach-investigations-report-2012_en_xg.pdf