A Methodology for Managing Information-Based Risk
IF 1.1
Q3 INFORMATION SCIENCE & LIBRARY SCIENCE
引用次数: 17
Abstract
Organizations often think of information security as a technological issue best left to technical specialists. While many security strategies undoubtedly rely on hardware and software solutions, the management processes surrounding security and the ongoing commitment of business and operations managers to security issues are no less important. In this paper we discuss a three-phase methodology for managing information-based risks, and present results of how a large money center bank implemented the methodology at numerous locations around the world. Our discussion focuses on the methodology, the implementation process, the results, and how similar efforts can be used in designing management processes to improve the security of information assets.基于信息的风险管理方法
组织通常认为信息安全是最好留给技术专家的技术问题。虽然许多安全策略无疑依赖于硬件和软件解决方案,但围绕安全性的管理流程以及业务和运营经理对安全问题的持续承诺同样重要。在本文中,我们讨论了管理基于信息的风险的三阶段方法,并介绍了一家大型货币中心银行如何在世界各地许多地方实施该方法的结果。我们的讨论重点是方法论、实现过程、结果,以及如何在设计管理过程中使用类似的工作来改进信息资产的安全性。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文
求助全文
来源期刊
Information Resources Management Journal
INFORMATION SCIENCE & LIBRARY SCIENCE-
CiteScore
3.60
自引率
7.10%
发文量
44
期刊介绍:
Topics should be drawn from, but not limited to, the following areas, with major emphasis on the managerial and organizational aspects of information resource and technology management: •Application of IT to operation •Artificial intelligence and expert systems technologies and issues •Business process management and modeling •Data warehousing and mining •Database management technologies and issues •Decision support and group decision support systems •Distance learning technologies and issues •Distributed software development •E-collaboration •Electronic commerce technologies and issues •Electronic government •Emerging technologies management
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
