Addressing dynamic issues in information security management
Abstract
Purpose
The purpose of this paper is to address three main problems resulting from uncertainty in information security management: dynamically changing security requirements of an organization; externalities caused by a security system; and obsolete evaluation of security concerns.
Design/methodology/approach
To address these critical concerns, a framework based on options reasoning borrowed from corporate finance is proposed and adapted to the evaluation of security architecture and to decision making for handling these issues at the organizational level. The adaptation as a methodology is demonstrated by a large case study validating its efficacy.
Findings
The paper shows through three examples that it is possible to have a coherent methodology, building on options theory to deal with uncertainty issues in information security at an organizational level.
Practical implications
To validate the efficacy of the methodology proposed in this paper, it was applied to the Spridnings- och Hämtningssystem (SHS: dissemination and retrieval system). The paper introduces the methodology, presents its application to the SHS system in detail and compares it to the current practice.
Originality/value
This research is relevant to information security management in organizations, particularly issues on changing requirements and evaluation in uncertain circumstances created by progress in technology.
Citation
Abbas, H., Magnusson, C., Yngstrom, L. and Hemani, A. (2011), "Addressing dynamic issues in information security management", Information Management & Computer Security, Vol. 19 No. 1, pp. 5-24. https://doi.org/10.1108/09685221111115836
Publisher
Emerald Group Publishing Limited
Copyright © 2011, Emerald Group Publishing Limited