Issue No.03 - May/June (2008 vol.12)
pp: 22-30
Kasia Muldner, University of British Columbia
Kirstie Hawkey, University of British Columbia
ABSTRACT
IT security professionals' effectiveness in an organization is influenced not only by how usable their security management tools are but also by how well the organization's security management model (SMM) fits. Finding the right SMM is critical but can be challenging — trade-offs are inherent to each approach, but their implications aren't always clear. The authors present a case study of one academic institution that created a centralized security team but disbanded it in favor of a more distributed approach three years later. They contrast these experiences with expectations from industry standards.
INDEX TERMS
Internet security, security management models, computer security professionals
CITATION
Kasia Muldner, Kirstie Hawkey, "Searching for the Right Fit: Balancing IT Security Management Model Trade-Offs", IEEE Internet Computing, vol.12, no. 3, pp. 22-30, May/June 2008, doi:10.1109/MIC.2008.61