Improving Assurance of Information Security RoI
Changing business expectations of information infrastructures have imposed new demands on security architectures. Established technocentric perimeter-oriented security architectures are yielding ground to business-driven deperimeterised architectures that assume extensive information and resource sharing and global virtualisation. These changes provide the opportunity to take a new approach to security architecture specification, based at its highest level not on costing of reactive countermeasures to current technical threats, but on prioritising the allocation of resources to robustly and proactively protect business information assets against business-oriented exposures. This permits tighter specification of both requirements and budgeting with a concomitant improvement in RoI, but depends on a new approach to management described here.
Keywords: Business Process, Information Security, Enterprise Architecture, Security Architecture, Business Structure