信息安全专业人员和业务经理对信息安全问题的看法不同吗?

R. Rainer, T. Marshall, Kenneth J. Knapp, Gina H. Montgomery
{"title":"信息安全专业人员和业务经理对信息安全问题的看法不同吗?","authors":"R. Rainer, T. Marshall, Kenneth J. Knapp, Gina H. Montgomery","doi":"10.1080/10658980701260579","DOIUrl":null,"url":null,"abstract":"Organizations today know that information technology is essential not only for daily operations but also for gaining strategic advantage in the marketplace. The importance of information technology means that information security has also become important. Breaches in information security can result in litigation, financial losses, damage to brands, loss of customer confidence, loss of business partner confidence, and can even cause the organization to go out of business. A recent study (Knapp, Marshall, Rainer, & Morrow 2006) surveyed 874 certified information system security professionals (CISSPs) to determine and rank the top 25 information security issues. Of the 18 highest-ranked issues, 10 were more managerial in nature rather than technical. Table 1 shows these ten issues with their ranks in parentheses. As we consider these ten issues as a whole, we see how critically important it is for information security professionals to have strong business, management, and organizational skills. As we look at each issue individually, we see a list of specific areas where information security professionals should have competence in order to effectively operate in an organizational context. The list of issues in Table 1 represents the issues with which information security professionals often have the most difficulty addressing. For example, three of these issues emphasize the need for excellent communication between information security professionals and business managers. The issues of “top management support,” “low funding and inadequate budgets,” and “justifying security expenditures” are closely related. The support of organizational executives is clearly needed to obtain the necessary funding for the information security function. To obtain this funding, information security professionals must present a coherent business case for information security needs. Information security professionals must also communicate with the entire user community to raise their awareness of information security issues through training and education, thereby promoting an organizational culture attuned to information security. Information security professionals must also work with business managers and the user community during the risk Address correspondence to R. Kelly Rainer, Jr., Ph.D., George Phillips Privett Professor of Management Information Systems at Auburn University, Auburn, Alabama. E-mail: rainerk@auburn.edu Do Information Security Professionals and Business Managers View Information Security Issues Differently?","PeriodicalId":36738,"journal":{"name":"Journal of Information Systems Security","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2007-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"35","resultStr":"{\"title\":\"Do Information Security Professionals and Business Managers View Information Security Issues Differently?\",\"authors\":\"R. Rainer, T. Marshall, Kenneth J. Knapp, Gina H. Montgomery\",\"doi\":\"10.1080/10658980701260579\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Organizations today know that information technology is essential not only for daily operations but also for gaining strategic advantage in the marketplace. The importance of information technology means that information security has also become important. Breaches in information security can result in litigation, financial losses, damage to brands, loss of customer confidence, loss of business partner confidence, and can even cause the organization to go out of business. A recent study (Knapp, Marshall, Rainer, & Morrow 2006) surveyed 874 certified information system security professionals (CISSPs) to determine and rank the top 25 information security issues. Of the 18 highest-ranked issues, 10 were more managerial in nature rather than technical. Table 1 shows these ten issues with their ranks in parentheses. As we consider these ten issues as a whole, we see how critically important it is for information security professionals to have strong business, management, and organizational skills. As we look at each issue individually, we see a list of specific areas where information security professionals should have competence in order to effectively operate in an organizational context. The list of issues in Table 1 represents the issues with which information security professionals often have the most difficulty addressing. For example, three of these issues emphasize the need for excellent communication between information security professionals and business managers. The issues of “top management support,” “low funding and inadequate budgets,” and “justifying security expenditures” are closely related. The support of organizational executives is clearly needed to obtain the necessary funding for the information security function. To obtain this funding, information security professionals must present a coherent business case for information security needs. Information security professionals must also communicate with the entire user community to raise their awareness of information security issues through training and education, thereby promoting an organizational culture attuned to information security. Information security professionals must also work with business managers and the user community during the risk Address correspondence to R. Kelly Rainer, Jr., Ph.D., George Phillips Privett Professor of Management Information Systems at Auburn University, Auburn, Alabama. E-mail: rainerk@auburn.edu Do Information Security Professionals and Business Managers View Information Security Issues Differently?\",\"PeriodicalId\":36738,\"journal\":{\"name\":\"Journal of Information Systems Security\",\"volume\":null,\"pages\":null},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2007-01-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"35\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Journal of Information Systems Security\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1080/10658980701260579\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q4\",\"JCRName\":\"Social Sciences\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Information Systems Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1080/10658980701260579","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q4","JCRName":"Social Sciences","Score":null,"Total":0}
引用次数: 35

摘要

今天的组织都知道,信息技术不仅对日常运作至关重要,而且对在市场上获得战略优势也至关重要。信息技术的重要性意味着信息安全也变得重要起来。违反信息安全可能导致诉讼、财务损失、品牌损害、客户信心丧失、业务合作伙伴信心丧失,甚至可能导致组织倒闭。最近的一项研究(Knapp, Marshall, Rainer, & Morrow 2006)调查了874名经过认证的信息系统安全专业人员(cissp),以确定前25个信息安全问题并对其进行排名。在排名最高的18个问题中,有10个问题在本质上更像是管理问题,而非技术性问题。表1在括号中显示了这十个问题的排名。当我们将这十个问题作为一个整体来考虑时,我们会看到对于信息安全专业人员来说,拥有强大的业务、管理和组织技能是多么的重要。当我们单独查看每个问题时,我们会看到信息安全专业人员应该具备的特定领域的列表,以便在组织上下文中有效地操作。表1中的问题列表代表了信息安全专业人员通常最难以解决的问题。例如,其中三个问题强调了信息安全专业人员和业务经理之间良好沟通的必要性。“高层管理支持”、“资金不足和预算不足”以及“证明安全支出的合理性”等问题是密切相关的。为了获得信息安全功能所需的资金,显然需要组织高管的支持。为了获得这笔资金,信息安全专业人员必须为信息安全需求提供连贯的业务案例。信息安全专业人员还必须与整个用户社区进行沟通,通过培训和教育提高他们对信息安全问题的认识,从而促进与信息安全相适应的组织文化。在与阿拉巴马州奥本大学管理信息系统George Phillips Privett教授R. Kelly Rainer, Jr.进行风险地址通信期间,信息安全专业人员还必须与业务经理和用户社区合作。电子邮件:rainerk@auburn.edu信息安全专业人员和业务经理对信息安全问题的看法不同吗?
本文章由计算机程序翻译,如有差异,请以英文原文为准。
查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
Do Information Security Professionals and Business Managers View Information Security Issues Differently?
Organizations today know that information technology is essential not only for daily operations but also for gaining strategic advantage in the marketplace. The importance of information technology means that information security has also become important. Breaches in information security can result in litigation, financial losses, damage to brands, loss of customer confidence, loss of business partner confidence, and can even cause the organization to go out of business. A recent study (Knapp, Marshall, Rainer, & Morrow 2006) surveyed 874 certified information system security professionals (CISSPs) to determine and rank the top 25 information security issues. Of the 18 highest-ranked issues, 10 were more managerial in nature rather than technical. Table 1 shows these ten issues with their ranks in parentheses. As we consider these ten issues as a whole, we see how critically important it is for information security professionals to have strong business, management, and organizational skills. As we look at each issue individually, we see a list of specific areas where information security professionals should have competence in order to effectively operate in an organizational context. The list of issues in Table 1 represents the issues with which information security professionals often have the most difficulty addressing. For example, three of these issues emphasize the need for excellent communication between information security professionals and business managers. The issues of “top management support,” “low funding and inadequate budgets,” and “justifying security expenditures” are closely related. The support of organizational executives is clearly needed to obtain the necessary funding for the information security function. To obtain this funding, information security professionals must present a coherent business case for information security needs. Information security professionals must also communicate with the entire user community to raise their awareness of information security issues through training and education, thereby promoting an organizational culture attuned to information security. Information security professionals must also work with business managers and the user community during the risk Address correspondence to R. Kelly Rainer, Jr., Ph.D., George Phillips Privett Professor of Management Information Systems at Auburn University, Auburn, Alabama. E-mail: rainerk@auburn.edu Do Information Security Professionals and Business Managers View Information Security Issues Differently?
求助全文
通过发布文献求助,成功后即可免费获取论文全文。 去求助
来源期刊
Journal of Information Systems Security
Journal of Information Systems Security Social Sciences-Safety Research
CiteScore
0.40
自引率
0.00%
发文量
0
期刊最新文献
Information Systems Security: 17th International Conference, ICISS 2021, Patna, India, December 16–20, 2021, Proceedings Information Systems Security: 16th International Conference, ICISS 2020, Jammu, India, December 16–20, 2020, Proceedings Information Systems Security: 15th International Conference, ICISS 2019, Hyderabad, India, December 16–20, 2019, Proceedings From the Editor's Desk Security Sickness in the Health Networks
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1