A Multi-stage Methodology for Ensuring Appropriate Security Culture and Governance

2010 International Conference on Availability, Reliability and Security Pub Date : 2010-03-25 DOI:10.1109/ARES.2010.118

S. Ghernaouti-Helie, I. Tashi, David Simms

{"title":"A Multi-stage Methodology for Ensuring Appropriate Security Culture and Governance","authors":"S. Ghernaouti-Helie, I. Tashi, David Simms","doi":"10.1109/ARES.2010.118","DOIUrl":null,"url":null,"abstract":"The assessment of the adequacy and appropriateness of the security infrastructure in place within an organization poses a significant challenge to those responsible for security management, those responsible for corporate compliance, and senior management who seek a reasonable balance between robust security and ease of use for legitimate users. The process of assessment, validation and improvement is continuous and follows a number of clearly defined steps, each of which builds on the comfort obtained from the previous one and which confirms the consistency of the measures in place with the overall strategy and policies, all the while referring to the specific context and requirements of the organization. This paper describes a framework for the assessment of security governance that can be applied to organizations in the public and private sectors with differing security cultures, discusses the methods of implementing, tailoring the methodology and evaluating the results of the analysis, details a number of critical success factors, and concludes with a case study from the manufacturing sector.","PeriodicalId":360339,"journal":{"name":"2010 International Conference on Availability, Reliability and Security","volume":"9 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2010-03-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"7","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2010 International Conference on Availability, Reliability and Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ARES.2010.118","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 7

Abstract

The assessment of the adequacy and appropriateness of the security infrastructure in place within an organization poses a significant challenge to those responsible for security management, those responsible for corporate compliance, and senior management who seek a reasonable balance between robust security and ease of use for legitimate users. The process of assessment, validation and improvement is continuous and follows a number of clearly defined steps, each of which builds on the comfort obtained from the previous one and which confirms the consistency of the measures in place with the overall strategy and policies, all the while referring to the specific context and requirements of the organization. This paper describes a framework for the assessment of security governance that can be applied to organizations in the public and private sectors with differing security cultures, discusses the methods of implementing, tailoring the methodology and evaluating the results of the analysis, details a number of critical success factors, and concludes with a case study from the manufacturing sector.

查看原文本刊更多论文

确保适当的安全文化和治理的多阶段方法

对组织内安全基础设施的充分性和适当性进行评估，对负责安全管理的人员、负责公司遵从性的人员以及寻求在健壮的安全性和合法用户的易用性之间取得合理平衡的高级管理人员提出了重大挑战。评估、确认和改进的过程是连续的，遵循一些明确定义的步骤，每一个步骤都建立在前一个步骤的基础上，并确认现有措施与总体战略和政策的一致性，同时参考组织的具体情况和要求。本文描述了一个安全治理评估框架，该框架可应用于具有不同安全文化的公共和私营部门的组织，讨论了实施方法、裁剪方法和评估分析结果的方法，详细介绍了一些关键的成功因素，并以制造业的一个案例研究作为结论。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2010 International Conference on Availability, Reliability and Security

自引率

0.00%

发文量