A strategic framework for managing internet security

The internet which was originally developed as an open distributed system has since evolved to become a key platform for connectivity of businesses and communities. Today, the internet is used for transferring critical information amongst sophisticated systems. These systems extend beyond one business organization to community of customers and suppliers. Consequently, today, vulnerabilities and risks to the Internet are equally relevant to systems that are integrated within corporate networks. Cloud Computing solutions, Supervisory Control and Data Acquisition (SCADA) systems and the Bring Your Own Device (BYOD) approach adopted by some organizations are examples of complexity of managing Internet security today. These systems are not only vulnerable to own system specific issues but also threatened by other Internet-related vulnerabilities. Whilst numerous previous studies have identified the need for managing Internet security, there remains a need for taking a strategic approach in security management of the Internet and sensitive Industrial Control Systems (ICS) integrated systems. This paper examines research on Internet security using a risk management approach. It presents an overview of key issues and recommends a management framework for secure Internet access.