The Center for Education and Research in Information Assurance and Security (CERIAS)

PFIRES: A Policy Framework for Information Security

Author

E. Spafford, J. Rees, S. Bandyopadhyay

Tech report number

CERIAS TR 2003-35

Entry type

article

Abstract

As organizations increasingly rely on information systems as the primary way to conduct operations, keeping such systems (and the associated data) secure receives increasing emphasis. However, the prevalent model within many organizations appears to be an ad hoc approach to security, where the latest breach becomes the model for future occurrences. For example, Microsoft issued over 80 critical patches for its IIS Web Server software over the past three years. Despite the low initial cost of the software, the maintenance costs over time are prohibitive [2]. A well-designed and maintained security policy potentially can reduce such costly forays, as well as provide protection from disaster.

Date

2003 – 07

Journal

Communications of the ACM

Key alpha

PFIRES

Number

7

Pages

101-106

Publisher

ACM

Volume

46

Publication Date

2003-07-01

Contents

1. Information Security Policy
2. A Policy Framework for Interpreting Risk in E-Business Security
3. Assess Phase
4. Plan Phase
5. The Deliver Phase
6. Operate Phase
7. The Future

Copyright

2003 ACM

Language

English

Location

A hard-copy of this is in the CERIAS Library

Subject

PFIRES
