The Proceedings of the Information Systems Education Conference 2007: §3154
Sat, Nov 3, 9:00 - 9:25, Haselton 2     Paper (refereed)
Recommended Citation: Nnolim, A L and A L Steenkamp.  An Architectural and Process Model Approach to Information Security Management.  In The Proceedings of the Information Systems Education Conference 2007, v 24 (Pittsburgh): §3154. ISSN: 1542-7382. (A later version appears in Information Systems Education Journal 6(31). ISSN: 1545-679X.)
 
Recipient of Distinguished PhD Paper Award
 

An Architectural and Process Model Approach to Information Security Management

Refereed, 24 pages
Anene L. Nnolim
Lawrence Technological University
Southfield, Michigan, USA

Annette Lerine Steenkamp
College of Management
Lawrence Technological University
Southfield, Michigan, USA

This paper reports on part of a doctoral dissertation research project in information security management. One of the aims of the project is to develop an architectural framework and a process model, with a supporting methodology, that could enable the integration of information security management with enterprise life cycle processes. Over the years, the focus of information security evolved from the physical security of computer centers, to securing information technology systems and networks, to securing business information systems. With the Internet, computers can communicate and share information with other computers outside the organization's networks. This meant that the existing security model was inadequate to meet the threats and challenges inherent in this new technology infrastructure. A new approach to information security management is needed to meet these security challenges. A meta model for the information security management viewpoint, developed in this research, includes various meta primitives, namely: business strategy and mission, security management goals and objectives, security management system, security management program, information security framework, security process improvement model with supporting methodology, and enterprise business systems. The elements of the architecture framework in this research are stakeholder, principles, purpose, level of abstraction, organization layer, context, representation scheme, modeling scheme, standards, and the required technology. The information security management process model in this research consists of four major phases, namely planning, analysis and design, implementation, and operations, together with a process improvement sub-phase. Dissertation research results so far indicate a conceptual model that includes other security management models that are beyond the scope of this paper.

Keywords: information security management, architecture framework, security process model, security viewpoint, enterprise security, process improvement

