Abstract
The principle objective of this article is to present a literature review for the methods used in the security of information at the level of organizations. Some of the principle problems are identified and a first group of relevant dimensions is presented for an efficient management of information security. The study is based on the literature review made, using some of the more relevant certified articles of this theme, in international reports and in the principle norms of management of information security. From the readings that were done, we identified some of the methods oriented for risk management, norms of certification and good practice of security of information. Some of the norms are oriented for the certification of the product or system and others oriented to the processes of the business. There are also studies with the proposal of Frameworks that suggest the integration of different approaches with the foundation of norms focused on technologies, in processes and taking into consideration the organizational and human environment of the organizations. In our perspective, the biggest contribute to the security of information is the development of a method of security of information for an organization in a conflicting environment. This should make available the security of information, against the possible dimensions of attack that the threats could exploit, through the vulnerability of the organizational actives. This method should support the new concepts of “Network centric warfare”, “Information superiority” and “Information warfare” especially developed in this last decade, where information is seen simultaneously as a weapon and as a target.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Posthumus, S., Von Solms, R.: A framework for the governance of information security. Computers & Security 23(8), 638–646 (2004)
Siponen, M., Oinas-Kukkonen, H.: A review of information security issues and respective research contributions. ACM SIGMIS Database 38(1), 80 (2007)
ISO/IEC27001: Information technology – Security techniques – Information Security Management Systems - Requirements (2005)
Richardson, R.: The 13th Annual Computer Crime and Security Survey, Computer Security Institute (2008)
JP3–13: Joint Doctrine for Information Operation, United States of America (2006)
FM100-06: Information Operations, Headquarters, Department of the Army, Washington, United States of America(1996)
Kurose, J.F., Ross, K.W.: Computer Networking, Addison Wesley, 4th edn. United States of America (2008)
Waltz, E.: Information Warfare: Principles and Operations. Artech House (1998)
FM3-13: Information Operations: Doctrine, Tactics, Techniques, and Procedures, Headquarters, Department of the Army, Washington, United States of America (2003)
Erbschloe, M.: Physical Security for IT. Elsevier Digital Press, United States of America (2005)
Tikk, E.: National Defense Policies for Cyber Space – Background and Effect of the Estonian Cyber Attacks. Academia Militar, Lisboa (2008)
Tikk, E., et al.: Cyber Attacks Against Georgia: Legal Lessons Identified, NATO Unclassified Report v1.0, Cooperative Cyber Defense Centre of Excellence, Tallin, Estonia (2008)
Krektel, B., Bakos, G., Barnett, C.: Capability of the People’s Republic of China to Conduct Cyber Warfare and Computer Network Exploitation, Northrop Grumman Corporation, Report, United States of America (2009)
Alberts, D.S., Garstka, J.J., Stein, F.P.: Network Centric Warfare: Developing and Leveraging Information Superiorit, Washington, United States of America. CCRP Publication Series (1999)
Alberts, D.S., et al.: Understanding Information Age Warfare, Washington, United States of America. CCRP Publication Series (2001)
Hutchinson, W.: The Changing Nature of Information Security. In: 1st Information Security Management 2003, Australian (2003)
Chesla, A.: Information Security: A Defensive Battle. Information Security Journal: A Global Perspective 12(6), 24–32 (2004)
Laudon, K.C., Laudon, J.P.: Management Information Systems, 9th edn. Prentice Hall, United States of America (2006)
Pfleeger, C.P., Pfleeger, S.L.: Securiy in Computing, 9th edn. Prentice Hall, United States of America (2007)
Harris, S.: CISSP All-in-One Exam Guide, 4th edn. McGraw-Hill, New York (2008)
ISO/IEC13335-1: Information technology- Security techniques-Management of information and communications technology security. Part 1: Concepts and models for information and communication technology security management (2004)
Hong, K., et al.: An integrated system theory of information security management. Information Management and Computer Security 11, 243–248 (2003)
COBIT4.0: Control Objectives – Management Guidelines – Maturity Models, IT Governance Institute, United States of America (2005)
Vermeulen, C., Von Solms, R.: The information security management toolbox-taking the pain out of security management. Information Management and Computer Security 10(2/3), 119–125 (2002)
Finne, T.: A conceptual framework for information security management. Computers & Security 17(4), 303–307 (1998)
Nnolim, A., Steenkamp, A.: An Architectural and Process Model Approach to Information Security Management. Information Systems Education Journal 6, 31 (2008)
von Solms, B.: Information security—a multidimensional discipline. Computers & Security 20(6), 504–508 (2001)
Kajava, J., et al.: Information Security Standards and Global Business. Industrial Technology, 15–17 (2006)
Ma, Q., Johnston, A., Pearson, J.: Information security management objectives and practices: a parsimonious framework. Information Management & Computer Security 16(3), 251–270 (2008)
Baskerville, R.: Information systems security design methods: implications for information systems development. ACM Computing Surveys (CSUR) 25(4), 375–414 (1993)
Eloff, M., Von Solms, S.: Information security management: a hierarchical framework for various approaches. Computers & Security 19(3), 243–256 (2000)
Kritzinger, E., Smith, E.: Information security management: An information security retrieval and awareness model for industry. Computers & Security 27(5-6), 224–231 (2008)
Broderick, J.: ISMS, security standards and security regulations. Information Security Technical Report 11(1), 26–31 (2006)
Humphreys, E.: Information security management standards: Compliance, governance and risk management. Information Security Technical Report 13(4), 247–255 (2008)
ISO/IEC27002: Information Technology-Security Techniques-Code of Practice for Information Security Management (2007)
ISO/IEC13335-4: Information technology- Guidelines for the management of IT Security. Part 4: Selection of safeguards (2000)
ISO/IEC13335-5: Information technology-Guidelines for the management of IT Security. Part 5: Management guidance on network (2001)
Von Solms, R.: Information security management: why standards are important. Information Management and Computer Security 7, 50–57 (1999)
NIST-SP800-53: Information Security (2007)
NIST-SP800-42: Computer Security – Guideline on Network Security Testing (2001)
Barafort, B., Humbert, J., Poggi, S.: Information Security Management and ISO/IEC 15504: the link opportunity between Security and Quality (2006)
ISO/IEC15408: Information Technology-Security Techniques-Evaluation Criteria for IT Security (2005)
Alberts, C., Dorofe, A.: OCTAVE – Method Implementation Guide Version 2.0, Carnegie Mellon, Software Engineering Institute, United States of America (2001)
Huang, S., Lee, C., Kao, A.: Balancing performance measures for information security management. Industrial Management & Data Systems 106(2) (2006)
Martins, J.C.L., Santos, H.M.D.d., Nunes, P.V.: Security Framework for Information Systems. In: 8th European Conference on Information Warfare and Security, Lisboa (2009)
Farn, K.J., Lin, S.K., Fung, A.R.W.: A study on information security management system evaluation - assets, threat and vulnerability. Computer Standards & Interfaces 26(6), 501–513 (2004)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2010 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Martins, J., dos Santos, H. (2010). Methods of Organizational Information Security . In: Tenreiro de Magalhães, S., Jahankhani, H., Hessami, A.G. (eds) Global Security, Safety, and Sustainability. ICGS3 2010. Communications in Computer and Information Science, vol 92. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-15717-2_14
Download citation
DOI: https://doi.org/10.1007/978-3-642-15717-2_14
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-15716-5
Online ISBN: 978-3-642-15717-2
eBook Packages: Computer ScienceComputer Science (R0)