A Context for Information Systems Security Planning

Get BibTex-formatted data

Author

Charles Cresson Wood

Entry type

article

Abstract

Management is often dissatisfied with the performance of many information security efforts. After investment of considerable resources, and prolonged waiting for results, many efforts can demonstrate little if any significant improvement. This is largely due to a lack of planning. Many efforts lack explicitly articulated plans as well as specific performance milestones. Although many are loathe to admit it, information security efforts at many organizations lack formal planning and performance monitoring..... This article examines why information security efforts are often ineffective and why more formal planning efforts can alleviate this condition. It discusses tools best usedto prepare an action plan for information security and gives some tips on how to sell such a plan to management. Also discussed are organizational design, policies, standards, and guidelines and other elements of a foundation that is required if an effective information security planning process is to be sustained. The article dwells on the establishment of a context for effective information security planning.

Date

1988

Address

Elsevier Science Publishers Ltd.

Institution

Computers and Security

Key alpha

Wood

Number

Pages

455-465

Volume

Publication Date

0000-00-00

Location

A hard-copy of this is in the Papers Cabinet

BibTex-formatted data

To refer to this entry, you may select and copy the text below and paste it into your BibTex document. Note that the text may not contain all macros that BibTex supports.

@Article{ Wood,
	title = "A Context for Information Systems Security Planning",
	author = "Charles Cresson Wood",
	year = "1988",
	address = "Elsevier Science Publishers Ltd.",
	institution = "Computers and Security",
	number = "5",
	pages = "455-465",
	volume = "7",
	abstract = "Management is often dissatisfied with the performance of many information
security efforts. After investment of considerable resources, and prolonged
waiting for results, many efforts can demonstrate little if any significant
improvement. This is largely due to a lack of planning. Many efforts lack
explicitly articulated plans as well as specific performance milestones.
Although many are loathe to admit it, information security efforts at many
organizations lack formal planning and performance monitoring.....
This article examines why information security efforts are often
ineffective and why more formal planning efforts can alleviate this condition.
It discusses tools best usedto prepare an action plan for information security
and gives some tips on how to sell such a plan to management. Also discussed
are organizational design, policies, standards, and guidelines and other
elements of a foundation that is required if an effective information
security planning process is to be sustained. The article dwells on the
establishment of a context for effective information security planning.",
}