Title :
Is Information Security Under Control?: Investigating Quality in Information Security Management
Author :
Baker, Wade H. ; Wallace, Linda
Author_Institution :
Dept. of Bus. Inf. Technol., Virginia Tech, Blacksburg, VA
Abstract :
Over the past decade, organizations have sought to become more efficient and productive by adopting information and communication technologies. Organizations are consequently more aware of information security risks and the need to take appropriate action. Previous studies of organizations' use of information security controls have focused on the presence or absence of controls, rather than their quality. We designed and conducted a survey as an initial step toward meeting this challenge. To do this, we benchmarked how organizations manage information security by implementing various controls. Although security surveys are nothing new, our method aims to uncover specific details of control implementation and focus on implementation quality. With a more precise understanding of current practices, information security management can begin to properly pursue effective strategies to improve quality and lower risk.
Keywords :
risk management; security of data; information and communication technologies; information security controls; information security management; information security risks; Computer security; Information management; Information security; Management training; Privacy; Protection; Quality management; Size control; Software maintenance; Software quality; ICTs; information and communication technologies; information security; quality control;
Journal_Title :
Security & Privacy, IEEE
DOI :
10.1109/MSP.2007.11