资讯保安及保障策略规划

2008 International Conference on Information Security and Assurance (isa 2008) Pub Date : 2008-04-24 DOI:10.1109/ISA.2008.88

D. Port, R. Kazman, Ann Takenaka

{"title":"资讯保安及保障策略规划","authors":"D. Port, R. Kazman, Ann Takenaka","doi":"10.1109/ISA.2008.88","DOIUrl":null,"url":null,"abstract":"Dealing with risk is critical to the success of any information security and assurance endeavor. With society's ever-increasing dependence on large-scale information systems, dealing with security risk is a topic of considerable importance and attention. It is generally infeasible to provide \"total security\" for any information system. As a result, successful risk management must be strategically planned with regard to desired assurance levels and costs. In this paper we define the practices associated with strategic planning for managing information security and assurance. We provide a concrete and practical approach for generating such strategic plans that is provably optimal and robust.","PeriodicalId":212375,"journal":{"name":"2008 International Conference on Information Security and Assurance (isa 2008)","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2008-04-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":"{\"title\":\"Strategic Planning for Information Security and Assurance\",\"authors\":\"D. Port, R. Kazman, Ann Takenaka\",\"doi\":\"10.1109/ISA.2008.88\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Dealing with risk is critical to the success of any information security and assurance endeavor. With society's ever-increasing dependence on large-scale information systems, dealing with security risk is a topic of considerable importance and attention. It is generally infeasible to provide \\\"total security\\\" for any information system. As a result, successful risk management must be strategically planned with regard to desired assurance levels and costs. In this paper we define the practices associated with strategic planning for managing information security and assurance. We provide a concrete and practical approach for generating such strategic plans that is provably optimal and robust.\",\"PeriodicalId\":212375,\"journal\":{\"name\":\"2008 International Conference on Information Security and Assurance (isa 2008)\",\"volume\":null,\"pages\":null},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2008-04-24\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"2\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2008 International Conference on Information Security and Assurance (isa 2008)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ISA.2008.88\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2008 International Conference on Information Security and Assurance (isa 2008)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ISA.2008.88","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 2

摘要

处理风险对于任何信息安全和保证工作的成功都是至关重要的。随着社会对大型信息系统的依赖日益增加，安全风险的处理是一个相当重要和关注的话题。为任何信息系统提供“完全安全”通常是不可行的。因此，成功的风险管理必须根据期望的保证级别和成本进行战略规划。在本文中，我们定义了与管理信息安全和保障的战略规划相关的实践。我们提供了一种具体而实用的方法来生成这种可证明是最优和稳健的战略计划。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

Strategic Planning for Information Security and Assurance

Dealing with risk is critical to the success of any information security and assurance endeavor. With society's ever-increasing dependence on large-scale information systems, dealing with security risk is a topic of considerable importance and attention. It is generally infeasible to provide "total security" for any information system. As a result, successful risk management must be strategically planned with regard to desired assurance levels and costs. In this paper we define the practices associated with strategic planning for managing information security and assurance. We provide a concrete and practical approach for generating such strategic plans that is provably optimal and robust.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2008 International Conference on Information Security and Assurance (isa 2008)

自引率

0.00%

发文量

期刊最新文献

A New Electronic Communication Technology - VT Position Code Communication Technology and Its Implementation CRYPTEX Model for Software Source Code The Economics of Privacy-Privacy: People, Policy and Technology Why MSN Lost to QQ in China Market? Different Privacy Protection Design Maximizing Return on Security Safeguard Investment with Constraint Satisfaction