Managing information security on a shoestring budget

IF 0.7 Q4 COMPUTER SCIENCE, INFORMATION SYSTEMS
V. Sridhar, B. Bhasker
{"title":"Managing information security on a shoestring budget","authors":"V. Sridhar, B. Bhasker","doi":"10.4018/978-1-59140-061-5.CH010","DOIUrl":null,"url":null,"abstract":"As organizations continue to deploy mission-critical, network-centric information systems, managing the security of such systems has become very critical. Building and managing such security infrastructure can be potentially very expensive, especially for small and medium-sized organizations. The Indian Institute of Management, Lucknow (IIML), the premier teaching and research business school in India, embarked on implementing a robust security management infrastructure with a limited budget on hand. The case examines, how IIML successfully implemented the security infrastructure by appropriately developing security policies and selecting a proper combination of freeware and proprietary software components. Since security management is not a one-time activity and uses intensive technology, a careful analysis is required to assess whether the maintenance of the security infrastructure can be done in-house or outsourced. The case illustrates the trade-offs involved and presents experiences of IIML in outsourcing the post-implementation phase to a Security Service Provider. The case also highlights the challenges organizations face while implementing freeware security products and outsourcing security services.","PeriodicalId":43384,"journal":{"name":"Journal of Cases on Information Technology","volume":"5 1","pages":"151-167"},"PeriodicalIF":0.7000,"publicationDate":"2003-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"5","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Cases on Information Technology","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.4018/978-1-59140-061-5.CH010","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q4","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
引用次数: 5

Abstract

As organizations continue to deploy mission-critical, network-centric information systems, managing the security of such systems has become very critical. Building and managing such security infrastructure can be potentially very expensive, especially for small and medium-sized organizations. The Indian Institute of Management, Lucknow (IIML), the premier teaching and research business school in India, embarked on implementing a robust security management infrastructure with a limited budget on hand. The case examines, how IIML successfully implemented the security infrastructure by appropriately developing security policies and selecting a proper combination of freeware and proprietary software components. Since security management is not a one-time activity and uses intensive technology, a careful analysis is required to assess whether the maintenance of the security infrastructure can be done in-house or outsourced. The case illustrates the trade-offs involved and presents experiences of IIML in outsourcing the post-implementation phase to a Security Service Provider. The case also highlights the challenges organizations face while implementing freeware security products and outsourcing security services.
以有限的预算管理信息安全
随着组织不断部署关键任务、以网络为中心的信息系统,管理这些系统的安全性变得非常关键。构建和管理这样的安全基础设施可能非常昂贵,特别是对于中小型组织。印度勒克瑙管理学院(IIML)是印度首屈一指的教学和研究商学院,在手头预算有限的情况下,开始实施一个强大的安全管理基础设施。本案例考察了IIML如何通过适当地开发安全策略和选择自由软件和专有软件组件的适当组合来成功地实现安全基础设施。由于安全管理不是一次性的活动,并且使用密集的技术,因此需要进行仔细的分析,以评估安全基础设施的维护是否可以在内部或外包完成。该案例说明了所涉及的权衡,并介绍了IIML将实现后阶段外包给安全服务提供商的经验。该案例还突出了组织在实施免费安全产品和外包安全服务时所面临的挑战。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 求助全文
来源期刊
Journal of Cases on Information Technology
Journal of Cases on Information Technology COMPUTER SCIENCE, INFORMATION SYSTEMS-
CiteScore
2.60
自引率
0.00%
发文量
64
期刊介绍: JCIT documents comprehensive, real-life cases based on individual, organizational and societal experiences related to the utilization and management of information technology. Cases published in JCIT deal with a wide variety of organizations such as businesses, government organizations, educational institutions, libraries, non-profit organizations. Additionally, cases published in JCIT report not only successful utilization of IT applications, but also failures and mismanagement of IT resources and applications.
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信