Title: Information Security Optimization: From Theory to Practice
Author: David Simms
Published in: 2009 International Conference on Availability, Reliability and Security
Publication date: 2009-03-16
DOI: 10.1109/ARES.2009.106 (https://doi.org/10.1109/ARES.2009.106)
Open access: no
Indexed on: Semantic Scholar
Citations: 7
Abstract
Organizations face a significant challenge in designing and implementing appropriate information security measures. There are many sources of guidance on good and best practice relating to platforms, architectures and industries, but this guidance needs to be interpreted in the context of the specific risks faced by the organization, the desire to mitigate those risks, and the requirements for user friendliness, system performance and system availability driven by the user community. The process of identifying, justifying, implementing and maintaining the correct balance between security and ease of access for authorized users requires careful consideration at a number of phases, including the assessment of risks, the identification of appropriate standards, the definition of policies and the education of users, and organizations also need to implement mechanisms for the regular and effective review and update of the measures taken. This paper discusses the issues involved in implementing an optimized information security policy, the common pitfalls encountered by organizations in this respect, and presents an outline framework for such implementations.