Issue No.03 - May/June (2007 vol.5)
M. Eric Johnson , Center for Digital Strategies, Tuck School of Business at Dartmouth College
Eric Goetz , Institute for Information Infrastructure Protection (13P) at Dartmouth College
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MSP.2007.59
Risk and business have always been inseparable, but new information security risks pose unknown challenges. How should firms organize and manage to improve enterprise security? Here, the authors describe how CISOs are working to build secure organizations.
security, organizational security, building security in, CISOs, information security risks
M. Eric Johnson, Eric Goetz, "Embedding Information Security into the Organization", IEEE Security & Privacy, vol.5, no. 3, pp. 16-24, May/June 2007, doi:10.1109/MSP.2007.59