Abstract
Previous chapters in this book have examined a wide range of technical, legal, and organizational issues with regard to security. This final chapter provides in-depth coverage of the issues involved in developing a secure organization. It starts by examining the forces that are making security a top organizational concern. It goes on to a description of the information security organization from the perspectives of organizational theory and behavior theory. Next, the chapter provides an in-depth discussion of the relationship between the CIO and CSO and concludes with a summary and brief discussion of the issues faced by organizations as they develop an architecture for security.
Copyright information
© 2004 Kluwer Academic Publishers
About this chapter
Cite this chapter
Rohmeyer, P. (2004). Organizing for Security. In: Ghosh, S., Malek, M., Stohr, E.A. (eds) Guarding Your Business. Springer, Boston, MA. https://doi.org/10.1007/0-306-48638-5_12
DOI: https://doi.org/10.1007/0-306-48638-5_12
Publisher Name: Springer, Boston, MA
Print ISBN: 978-0-306-48494-0
Online ISBN: 978-0-306-48638-8
eBook Packages: Springer Book Archive