Managing information systems security: a soft approach

Abstract

The increasing rate of reported computer security problems suggests that the highly structured and technical traditional approaches to the management of IS security do not appear to be successful. This paper presents the Orion Strategy, a participative approach to the planning and management of information security in organisations. The details of this approach are discussed along with an overview of its pilot implementation within an Australian organisation. The findings from the study indicate that a high level of user participation in the planning and management of security results in raised awareness of security issues and an ownership of responsibility for the successful operations of chosen security measures.