An Information Engineering Methodology for the Security Strategy Planning

  • Conference paper
Computational Science and Its Applications – ICCSA 2004 (ICCSA 2004)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 3043)

Abstract

The successful management of information security within an organization is vital to its survival and success. However, previous research and methodologies on ISP (Information Strategy Planning) do not take security controls into consideration in strategy planning. This paper addresses the difficult problems that organizations face in business environments when they try to develop strategy plans for information security, by providing a methodology framework, a process model and essential tools.

Copyright information

© 2004 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Kim, S., Leem, C.S. (2004). An Information Engineering Methodology for the Security Strategy Planning. In: Laganá, A., Gavrilova, M.L., Kumar, V., Mun, Y., Tan, C.J.K., Gervasi, O. (eds) Computational Science and Its Applications – ICCSA 2004. ICCSA 2004. Lecture Notes in Computer Science, vol 3043. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-24707-4_71

  • DOI: https://doi.org/10.1007/978-3-540-24707-4_71

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-22054-1

  • Online ISBN: 978-3-540-24707-4

  • eBook Packages: Springer Book Archive
