PFIRES: A Policy Framework for Information Security
Author
E. Spafford, J. Rees, S. Bandyopadhyay
Tech report number
CERIAS TR 2003-35
Abstract
As organizations increasingly rely on information systems as the primary way to conduct operations, keeping such systems (and the associated data) secure receives increasing emphasis. However, the prevalent model within many organizations appears to be an ad hoc approach to security, where the latest breach becomes the model for future occurrences. For example, Microsoft issued over 80 critical patches for its IIS Web Server software over the past three years. Despite the low initial cost of the software, the maintenance costs over time are prohibitive [2]. A well-designed and maintained security policy potentially can reduce such costly forays, as well as provide protection from disaster.
Journal
Communications of the ACM
Publication Date
2003-07-01
Contents
1. Information Security Policy
2. A Policy Framework for Interpreting Risk in E-Business Security
3. Assess Phase
4. Plan Phase
5. The Deliver Phase
6. Operate Phase
7. The Future
Location
A hard-copy of this is in the CERIAS Library