Managing information security on a shoestring budget

IF 0.7 Q4 COMPUTER SCIENCE, INFORMATION SYSTEMS

Journal of Cases on Information Technology Pub Date : 2003-01-01 DOI:10.4018/978-1-59140-061-5.CH010

V. Sridhar, B. Bhasker

{"title":"Managing information security on a shoestring budget","authors":"V. Sridhar, B. Bhasker","doi":"10.4018/978-1-59140-061-5.CH010","DOIUrl":null,"url":null,"abstract":"As organizations continue to deploy mission-critical, network-centric information systems, managing the security of such systems has become very critical. Building and managing such security infrastructure can be potentially very expensive, especially for small and medium-sized organizations. The Indian Institute of Management, Lucknow (IIML), the premier teaching and research business school in India, embarked on implementing a robust security management infrastructure with a limited budget on hand. The case examines, how IIML successfully implemented the security infrastructure by appropriately developing security policies and selecting a proper combination of freeware and proprietary software components. Since security management is not a one-time activity and uses intensive technology, a careful analysis is required to assess whether the maintenance of the security infrastructure can be done in-house or outsourced. The case illustrates the trade-offs involved and presents experiences of IIML in outsourcing the post-implementation phase to a Security Service Provider. The case also highlights the challenges organizations face while implementing freeware security products and outsourcing security services.","PeriodicalId":43384,"journal":{"name":"Journal of Cases on Information Technology","volume":"5 1","pages":"151-167"},"PeriodicalIF":0.7000,"publicationDate":"2003-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"5","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Cases on Information Technology","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.4018/978-1-59140-061-5.CH010","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q4","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 5

Abstract

As organizations continue to deploy mission-critical, network-centric information systems, managing the security of such systems has become very critical. Building and managing such security infrastructure can be potentially very expensive, especially for small and medium-sized organizations. The Indian Institute of Management, Lucknow (IIML), the premier teaching and research business school in India, embarked on implementing a robust security management infrastructure with a limited budget on hand. The case examines, how IIML successfully implemented the security infrastructure by appropriately developing security policies and selecting a proper combination of freeware and proprietary software components. Since security management is not a one-time activity and uses intensive technology, a careful analysis is required to assess whether the maintenance of the security infrastructure can be done in-house or outsourced. The case illustrates the trade-offs involved and presents experiences of IIML in outsourcing the post-implementation phase to a Security Service Provider. The case also highlights the challenges organizations face while implementing freeware security products and outsourcing security services.

查看原文本刊更多论文

以有限的预算管理信息安全

随着组织不断部署关键任务、以网络为中心的信息系统，管理这些系统的安全性变得非常关键。构建和管理这样的安全基础设施可能非常昂贵，特别是对于中小型组织。印度勒克瑙管理学院(IIML)是印度首屈一指的教学和研究商学院，在手头预算有限的情况下，开始实施一个强大的安全管理基础设施。本案例考察了IIML如何通过适当地开发安全策略和选择自由软件和专有软件组件的适当组合来成功地实现安全基础设施。由于安全管理不是一次性的活动，并且使用密集的技术，因此需要进行仔细的分析，以评估安全基础设施的维护是否可以在内部或外包完成。该案例说明了所涉及的权衡，并介绍了IIML将实现后阶段外包给安全服务提供商的经验。该案例还突出了组织在实施免费安全产品和外包安全服务时所面临的挑战。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Journal of Cases on Information Technology COMPUTER SCIENCE, INFORMATION SYSTEMS-

CiteScore

2.60

自引率

0.00%

发文量

期刊介绍： JCIT documents comprehensive, real-life cases based on individual, organizational and societal experiences related to the utilization and management of information technology. Cases published in JCIT deal with a wide variety of organizations such as businesses, government organizations, educational institutions, libraries, non-profit organizations. Additionally, cases published in JCIT report not only successful utilization of IT applications, but also failures and mismanagement of IT resources and applications.