Information Security Management: Global Challenges in the New Millennium - Softcover

 
9781878289780: Information Security Management: Global Challenges in the New Millennium

Synopsis

Information security is moving much higher up the agenda of corporate concerns. The pitfalls lying in wait for corporate information are legion. If information is our most important asset, then we must fortify ourselves for the task of protecting it properly. This book is a compilation of contributed chapters by researchers and practitioners addressing issues, trends and challenges facing the management of information security in this new millennium. Information Security Management: Global Challenges in the New Millennium focuses on aspects of information security planning, evaluation, design and implementation.

"synopsis" may belong to another edition of this title.


Excerpt. © Reprinted by permission. All rights reserved.

My mission in editing a book in the area of information security management was to bring together diverse views on the subject and yet be able to build an argument. Indeed it has been possible to achieve this objective. The chapters in this book are representative of various points of view and challenges in managing information security. Practically all of the contributions in this volume acknowledge that focusing on one particular view falls short of developing a coherent strategy for information security management. Personally this has been a very enriching experience. Many of the contentions in this book seem to either resonate or build upon the arguments presented in my previous research.

I have always considered management of information security to be broader in scope than just focusing on the technological means to achieve a secure state. I have argued elsewhere that an inadequate understanding of the business environment, expectations and obligations of different roles and meanings ascribed to different actions are the precursors to system integrity problems. Further, a lack of system integrity is also a cause of computer-related frauds and crimes. In the information age, therefore, it is important to maintain the integrity of the information systems in place and the associated management processes.

The book is organized into 12 chapters. A brief description of each of the chapters is as follows:

Chapter 1 identifies the existing challenges in the management of information security in the new millennium. The chapter sets the scene for discussions presented by various authors. In particular the chapter identifies the global orientation of businesses and the related problems with managing information security. It also identifies the importance of establishing security policies, structures of responsibility and disaster recovery plans.

Chapter 2 establishes the need for a security policy and presents a sample structure that may be used to develop such a policy. The authors of this chapter contend that by investing in the development of a security policy, a business organization ensures the highest level of protection against all sorts of threats.

Chapter 3 takes a philosophical orientation and debates the rights and wrongs in the information age. The author examines some challenges in ethical management of information technology resources. The overall aim of the chapter is to consider moral issues pertaining to computer use and misuse and articulate methods of thinking through various concerns.

Chapter 4 reviews the ethical elements of security such that trust could be promoted in electronic commerce. The authors argue that trust raises confidence and hence business reputation, which is so important when engaging in on-line transactions. They further suggest that importance be paid to developing ethical policies.

Chapter 5 reviews the information security threats posed by international terrorist organizations. The authors classify the competence of terrorist outfits to engage in cyber-terrorism into six levels and identify the increased vulnerability of the information and communication networks.

Chapter 6 presents an analysis of issues and concerns in managing computer-related fraud. The author grounds her arguments in the British National Health Services and addresses the issue of prescription fraud. The author contends that in order to manage computer-related frauds, one needs to consider technological 'solutions' in their broader context and assess the impact of social and political factors on a business process.

Chapter 7 addresses the issue of disaster recovery planning, with particular reference to Ireland. Based on a survey, the authors suggest that there seems to be reluctance on the part of the organizations to fully commit to the provisions of a workable disaster recovery plan. In most cases, although there may be a few elements of the plan in place, little emphasis has been placed on drawing them together into a coherent policy.

Chapter 8 analyses and compares recent approaches for development of secure information systems. The author systematically reviews the philosophical assumptions and presents gaps and problems in each of the current approaches. A systematic position for future research and practice is then established.

Chapter 9 reviews issues surrounding e-business security. The authors argue that it is possible to maintain Internet security and hence facilitate e-businesses, if adequate importance is placed on technical security measures. The authors present an array of technical tools and techniques that help in achieving this purpose.

Chapter 10 discusses generic concepts of compliance monitoring for anomaly detection systems. The author contends that with the emergence of electronic commerce, focus on security and compliance issues is important, if integrity of business transactions is to be maintained.

Chapter 11 presents the notion of 'intelligent agents', which is a technical means to information handling. The authors, following their identification of various security concerns, identify the role agent technology can play in security management.

Chapter 12 concludes and presents principles necessary for managing information security in the new millennium. The principles are classified into three categories: pragmatic, formal and technical.

"About this title" may belong to another edition of this title.