Title: Balanced Design in Information Systems Security Planning

Year of Publication: Dec - 2014
Page Numbers: 110-120
Authors: Daniel A. Stern
Conference Name: The International Conference in Information Security and Digital Forensics (ISDF2014)
- Greece


Information security is traditionally understood to involve technical security measures, such as intrusion prevention systems, to establish a secure perimeter around an organization’s sensitive information. Threats, then, are any potential attack on that secure perimeter with the intent of either obtaining unauthorized access or damaging availability or information. With modern organizations using tools to allow every employee to access information, and even allowing employees to control access restrictions on sensitive information, information security managers must expand their information security program to educate personnel and establish a culture of security. The expanded information systems security program must address technical, policy, standards and norms, education and cultural initiatives.