Book description
Responsive Security: Be Ready to Be Secure explores the challenges, issues, and dilemmas of managing information security risk, and introduces an approach for addressing concerns from both a practitioner and organizational management standpoint. Utilizing a research study generated from nearly a decade of action research and real-time experience, this book introduces the issues and dilemmas that fueled the study, discusses its key findings, and provides practical methods for managing information security risks. It presents the principles and methods of the responsive security approach, developed from the findings of the study, and details the research that led to the development of the approach.
- Demonstrates the viability and practicality of the approach in today’s information security risk environment
- Demystifies information security risk management in practice, and reveals the limitations and inadequacies of current approaches
- Provides comprehensive coverage of the issues and challenges faced in managing information security risks today
The author reviews existing literature that synthesizes current knowledge, supports the need for, and highlights the significance of the responsive security approach. He also highlights the concepts, strategies, and programs commonly used to achieve information security in organizations.
Responsive Security: Be Ready to Be Secure examines the theories and knowledge in current literature, as well as the practices, related issues, and dilemmas experienced during the study. It discusses the reflexive analysis and interpretation involved in the final research cycles, and validates and refines the concepts, framework, and methodology of a responsive security approach for managing information security risk in a constantly changing risk environment.
Table of contents
- Cover
- Half Title
- Title
- Copyright
- Contents
- List of Figures
- List of Tables
- List of Abbreviations
- Preface
- Acknowledgments
- Author
- 1 Introduction
- 2 Knowledge, Issues, and Dilemmas
- 2.1 Introduction
- 2.2 Information Security
- 2.3 Principles and Approaches
- 2.4 Information Security Risk Management Strategy
- 2.5 Information Security Program
- 2.6 Responding to Change
- 2.7 Current Research and Social Perspectives
- 2.8 Conclusion
- Endnotes
- 3 Practice, Issues, and Dilemmas
- 3.1 Information Risk Management (IRM) Practices
- 3.1.1 Organization and Management Commitments
- 3.1.2 Culture of Compliance and Control-Oriented Risk Management
- 3.1.3 Theory of Action and Theory in Use
- 3.1.4 Risk of Habituation
- 3.1.5 Information Risk Management Organization
- 3.1.6 Responding to Security Incidents
- 3.1.7 Uncertainties in Information Security Risk Analysis and Management
- 3.1.8 Causal Analysis of Information Security Systems
- 3.1.9 Summary of Issues and Dilemmas
- 3.2 Social–Technical Approach
- 3.2.1 Model A Approach
- 3.2.1.1 Addressing Theories of Actions of IRMs and Other Managers
- 3.2.1.2 Addressing Auditors’ Theories of Actions
- 3.2.1.3 Competency and Trust
- 3.2.1.4 Five-Level Action Map (FLAM)
- 3.2.1.5 Combining Social and Technical Aspects of Information Security Risk Management Systems
- 3.2.1.6 Communicating Information Security Risk Status
- 3.2.1.7 Limitations of New IRM Systems
- 3.2.1.8 Learning through Model A Approach
- 3.2.2 Model B Approach
- 3.2.3 Summary of Issues and Dilemmas and Research Outcome
- Endnotes
- 4 Responsive Security
- 4.1 Piezoelectric Metaphor
- 4.2 BETA’s Approach to Emerging Risks and Attacks
- 4.3 Learning from Tsunami Incident
- 4.4 Revealing Uncertainties and Making Risks Visible
- 4.5 Responsive, Reactive, and Proactive Strategies
- 4.6 Criticality Alignment
- 4.7 Testing Responsive Approach at GAMMA
- 4.8 Learning from Antinny Worm Case Study
- 4.9 Refining Responsive Approach
- 4.10 Responsive Learning
- Endnotes
- 5 Conclusions and Implications
- Appendix A: Action Research Cycles
- Appendix B: Dialectic Model of Systems Inquiry (DMSI)
- Appendix C: Framework for Information Risk Management
- References
- Index
Product information
- Title: Responsive Security
- Author(s):
- Release date: September 2017
- Publisher(s): CRC Press
- ISBN: 9781351381291