{"title":"资讯保安及保障策略规划","authors":"D. Port, R. Kazman, Ann Takenaka","doi":"10.1109/ISA.2008.88","DOIUrl":null,"url":null,"abstract":"Dealing with risk is critical to the success of any information security and assurance endeavor. With society's ever-increasing dependence on large-scale information systems, dealing with security risk is a topic of considerable importance and attention. It is generally infeasible to provide \"total security\" for any information system. As a result, successful risk management must be strategically planned with regard to desired assurance levels and costs. In this paper we define the practices associated with strategic planning for managing information security and assurance. We provide a concrete and practical approach for generating such strategic plans that is provably optimal and robust.","PeriodicalId":212375,"journal":{"name":"2008 International Conference on Information Security and Assurance (isa 2008)","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2008-04-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":"{\"title\":\"Strategic Planning for Information Security and Assurance\",\"authors\":\"D. Port, R. Kazman, Ann Takenaka\",\"doi\":\"10.1109/ISA.2008.88\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Dealing with risk is critical to the success of any information security and assurance endeavor. With society's ever-increasing dependence on large-scale information systems, dealing with security risk is a topic of considerable importance and attention. It is generally infeasible to provide \\\"total security\\\" for any information system. As a result, successful risk management must be strategically planned with regard to desired assurance levels and costs. In this paper we define the practices associated with strategic planning for managing information security and assurance. We provide a concrete and practical approach for generating such strategic plans that is provably optimal and robust.\",\"PeriodicalId\":212375,\"journal\":{\"name\":\"2008 International Conference on Information Security and Assurance (isa 2008)\",\"volume\":null,\"pages\":null},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2008-04-24\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"2\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2008 International Conference on Information Security and Assurance (isa 2008)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ISA.2008.88\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2008 International Conference on Information Security and Assurance (isa 2008)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ISA.2008.88","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Strategic Planning for Information Security and Assurance
Dealing with risk is critical to the success of any information security and assurance endeavor. With society's ever-increasing dependence on large-scale information systems, dealing with security risk is a topic of considerable importance and attention. It is generally infeasible to provide "total security" for any information system. As a result, successful risk management must be strategically planned with regard to desired assurance levels and costs. In this paper we define the practices associated with strategic planning for managing information security and assurance. We provide a concrete and practical approach for generating such strategic plans that is provably optimal and robust.