Skip to main content
SpringerLink
Log in

Methods of Organizational Information Security

(A Literature Review)

  • Conference paper
Global Security, Safety, and Sustainability (ICGS3 2010)

Part of the book series: Communications in Computer and Information Science ((CCIS,volume 92))

  • 1207 Accesses

Abstract

The principle objective of this article is to present a literature review for the methods used in the security of information at the level of organizations. Some of the principle problems are identified and a first group of relevant dimensions is presented for an efficient management of information security. The study is based on the literature review made, using some of the more relevant certified articles of this theme, in international reports and in the principle norms of management of information security. From the readings that were done, we identified some of the methods oriented for risk management, norms of certification and good practice of security of information. Some of the norms are oriented for the certification of the product or system and others oriented to the processes of the business. There are also studies with the proposal of Frameworks that suggest the integration of different approaches with the foundation of norms focused on technologies, in processes and taking into consideration the organizational and human environment of the organizations. In our perspective, the biggest contribute to the security of information is the development of a method of security of information for an organization in a conflicting environment. This should make available the security of information, against the possible dimensions of attack that the threats could exploit, through the vulnerability of the organizational actives. This method should support the new concepts of “Network centric warfare”, “Information superiority” and “Information warfare” especially developed in this last decade, where information is seen simultaneously as a weapon and as a target.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Posthumus, S., Von Solms, R.: A framework for the governance of information security. Computers & Security 23(8), 638–646 (2004)

    Article  Google Scholar 

  2. Siponen, M., Oinas-Kukkonen, H.: A review of information security issues and respective research contributions. ACM SIGMIS Database 38(1), 80 (2007)

    Article  Google Scholar 

  3. ISO/IEC27001: Information technology – Security techniques – Information Security Management Systems - Requirements (2005)

    Google Scholar 

  4. Richardson, R.: The 13th Annual Computer Crime and Security Survey, Computer Security Institute (2008)

    Google Scholar 

  5. JP3–13: Joint Doctrine for Information Operation, United States of America (2006)

    Google Scholar 

  6. FM100-06: Information Operations, Headquarters, Department of the Army, Washington, United States of America(1996)

    Google Scholar 

  7. Kurose, J.F., Ross, K.W.: Computer Networking, Addison Wesley, 4th edn. United States of America (2008)

    Google Scholar 

  8. Waltz, E.: Information Warfare: Principles and Operations. Artech House (1998)

    Google Scholar 

  9. FM3-13: Information Operations: Doctrine, Tactics, Techniques, and Procedures, Headquarters, Department of the Army, Washington, United States of America (2003)

    Google Scholar 

  10. Erbschloe, M.: Physical Security for IT. Elsevier Digital Press, United States of America (2005)

    Google Scholar 

  11. Tikk, E.: National Defense Policies for Cyber Space – Background and Effect of the Estonian Cyber Attacks. Academia Militar, Lisboa (2008)

    Google Scholar 

  12. Tikk, E., et al.: Cyber Attacks Against Georgia: Legal Lessons Identified, NATO Unclassified Report v1.0, Cooperative Cyber Defense Centre of Excellence, Tallin, Estonia (2008)

    Google Scholar 

  13. Krektel, B., Bakos, G., Barnett, C.: Capability of the People’s Republic of China to Conduct Cyber Warfare and Computer Network Exploitation, Northrop Grumman Corporation, Report, United States of America (2009)

    Google Scholar 

  14. Alberts, D.S., Garstka, J.J., Stein, F.P.: Network Centric Warfare: Developing and Leveraging Information Superiorit, Washington, United States of America. CCRP Publication Series (1999)

    Google Scholar 

  15. Alberts, D.S., et al.: Understanding Information Age Warfare, Washington, United States of America. CCRP Publication Series (2001)

    Google Scholar 

  16. Hutchinson, W.: The Changing Nature of Information Security. In: 1st Information Security Management 2003, Australian (2003)

    Google Scholar 

  17. Chesla, A.: Information Security: A Defensive Battle. Information Security Journal: A Global Perspective 12(6), 24–32 (2004)

    Article  Google Scholar 

  18. Laudon, K.C., Laudon, J.P.: Management Information Systems, 9th edn. Prentice Hall, United States of America (2006)

    Google Scholar 

  19. Pfleeger, C.P., Pfleeger, S.L.: Securiy in Computing, 9th edn. Prentice Hall, United States of America (2007)

    Google Scholar 

  20. Harris, S.: CISSP All-in-One Exam Guide, 4th edn. McGraw-Hill, New York (2008)

    Google Scholar 

  21. ISO/IEC13335-1: Information technology- Security techniques-Management of information and communications technology security. Part 1: Concepts and models for information and communication technology security management (2004)

    Google Scholar 

  22. Hong, K., et al.: An integrated system theory of information security management. Information Management and Computer Security 11, 243–248 (2003)

    Article  Google Scholar 

  23. COBIT4.0: Control Objectives – Management Guidelines – Maturity Models, IT Governance Institute, United States of America (2005)

    Google Scholar 

  24. Vermeulen, C., Von Solms, R.: The information security management toolbox-taking the pain out of security management. Information Management and Computer Security 10(2/3), 119–125 (2002)

    Google Scholar 

  25. Finne, T.: A conceptual framework for information security management. Computers & Security 17(4), 303–307 (1998)

    Article  Google Scholar 

  26. Nnolim, A., Steenkamp, A.: An Architectural and Process Model Approach to Information Security Management. Information Systems Education Journal 6, 31 (2008)

    Google Scholar 

  27. von Solms, B.: Information security—a multidimensional discipline. Computers & Security 20(6), 504–508 (2001)

    Article  Google Scholar 

  28. Kajava, J., et al.: Information Security Standards and Global Business. Industrial Technology, 15–17 (2006)

    Google Scholar 

  29. Ma, Q., Johnston, A., Pearson, J.: Information security management objectives and practices: a parsimonious framework. Information Management & Computer Security 16(3), 251–270 (2008)

    Article  Google Scholar 

  30. Baskerville, R.: Information systems security design methods: implications for information systems development. ACM Computing Surveys (CSUR) 25(4), 375–414 (1993)

    Article  Google Scholar 

  31. Eloff, M., Von Solms, S.: Information security management: a hierarchical framework for various approaches. Computers & Security 19(3), 243–256 (2000)

    Article  Google Scholar 

  32. Kritzinger, E., Smith, E.: Information security management: An information security retrieval and awareness model for industry. Computers & Security 27(5-6), 224–231 (2008)

    Article  Google Scholar 

  33. Broderick, J.: ISMS, security standards and security regulations. Information Security Technical Report 11(1), 26–31 (2006)

    Article  Google Scholar 

  34. Humphreys, E.: Information security management standards: Compliance, governance and risk management. Information Security Technical Report 13(4), 247–255 (2008)

    Article  Google Scholar 

  35. ISO/IEC27002: Information Technology-Security Techniques-Code of Practice for Information Security Management (2007)

    Google Scholar 

  36. ISO/IEC13335-4: Information technology- Guidelines for the management of IT Security. Part 4: Selection of safeguards (2000)

    Google Scholar 

  37. ISO/IEC13335-5: Information technology-Guidelines for the management of IT Security. Part 5: Management guidance on network (2001)

    Google Scholar 

  38. Von Solms, R.: Information security management: why standards are important. Information Management and Computer Security 7, 50–57 (1999)

    Article  Google Scholar 

  39. NIST-SP800-53: Information Security (2007)

    Google Scholar 

  40. NIST-SP800-42: Computer Security – Guideline on Network Security Testing (2001)

    Google Scholar 

  41. Barafort, B., Humbert, J., Poggi, S.: Information Security Management and ISO/IEC 15504: the link opportunity between Security and Quality (2006)

    Google Scholar 

  42. ISO/IEC15408: Information Technology-Security Techniques-Evaluation Criteria for IT Security (2005)

    Google Scholar 

  43. Alberts, C., Dorofe, A.: OCTAVE – Method Implementation Guide Version 2.0, Carnegie Mellon, Software Engineering Institute, United States of America (2001)

    Google Scholar 

  44. Huang, S., Lee, C., Kao, A.: Balancing performance measures for information security management. Industrial Management & Data Systems 106(2) (2006)

    Google Scholar 

  45. Martins, J.C.L., Santos, H.M.D.d., Nunes, P.V.: Security Framework for Information Systems. In: 8th European Conference on Information Warfare and Security, Lisboa (2009)

    Google Scholar 

  46. Farn, K.J., Lin, S.K., Fung, A.R.W.: A study on information security management system evaluation - assets, threat and vulnerability. Computer Standards & Interfaces 26(6), 501–513 (2004)

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Academia Militar - Cinamil, Lisboa, Portugal

    José Martins

  2. Department of Information Systems, University of Minho, Guimarães, Portugal

    Henrique dos Santos

Authors
  1. José Martins
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Henrique dos Santos
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Universidade Católica Portuguesa, R. de Camões, Braga, Portugal

    Sérgio Tenreiro de Magalhães

  2. School of Computing and Information Technology and Engineering, University of East London, London,, UK

    Hamid Jahankhani

  3. Systems Assurance, City University, London, UK

    Ali G. Hessami

Rights and permissions

Reprints and permissions

Copyright information

© 2010 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Martins, J., dos Santos, H. (2010). Methods of Organizational Information Security . In: Tenreiro de Magalhães, S., Jahankhani, H., Hessami, A.G. (eds) Global Security, Safety, and Sustainability. ICGS3 2010. Communications in Computer and Information Science, vol 92. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-15717-2_14

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-15717-2_14

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-15716-5

  • Online ISBN: 978-3-642-15717-2

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation