
Managing Information Systems Security: Critical Success Factors and Indicators to Measure Effectiveness

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 4176)

Abstract

For how long can a business remain without its information systems? Current business goals and objectives depend heavily on their availability. This highly dynamic and complex system must be properly secured and managed in order to ensure business survivability. However, the lack of a universally accepted taxonomy of information security critical factors and indicators makes security management of information systems (SMIS) a tough challenge. Effective information security management requires a special focus on identifying the critical success factors (CSFs) when implementing and ensuring SMIS. The purpose of this paper is to share a group of 12 CSFs identified in the current information security literature, together with a set of 76 indicators that are easy to calculate and aim to provide valuable information to organizations seeking to measure their information security level.




Copyright information

© 2006 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Torres, J.M., Sarriegi, J.M., Santos, J., Serrano, N. (2006). Managing Information Systems Security: Critical Success Factors and Indicators to Measure Effectiveness. In: Katsikas, S.K., López, J., Backes, M., Gritzalis, S., Preneel, B. (eds) Information Security. ISC 2006. Lecture Notes in Computer Science, vol 4176. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11836810_38


  • DOI: https://doi.org/10.1007/11836810_38

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-38341-3

  • Online ISBN: 978-3-540-38343-7

  • eBook Packages: Computer Science (R0)
