information: (i) strategic activity importance, (ii) time criticality and (iii) content value.
The model creates an architecture that will guide, in real-time, security management.
This proposed model is substantiated in the information architecture model as proposed
by Zachmann [11].
Security investments are discretionary and have to be adapted to the risk involved.
What happens if risk increases in real-time? In any case, we have to assume the highest
risk level exposure and invest accordingly. In the fortunate case of being able to use
outsourced security resources, the management procedures can be much more effective.
We propose the use of the framework to analyse and to manage risk in real-time.
On the one hand, managers can have instant access to the security situation of the business
and can thus activate security emergency procedures in real-time. This not only provides
greater security effectiveness but diminishes security management cost as well.
On the other hand, if at least part of the security resources can be allocated on-line
whenever possible, this directly diminishes the cost of security.
There are two major difficulties related to the implementation of this model. The first
is the cost of performing the security evaluation in real-time. The second one is the
operational decision-making that depends both on the operational capabilities of the
internal and external services, and the correct comprehension of the actual situation.
The framework is an effective way to tackle both.
The framework automatically performs the security evaluations according to the
granularity defined by the three dimensional space. Any real change in the security
exposure will be immediately taken into account. The critical success factor for this first
difficulty is resolved by the existence of a well conceived and real-time instance of the
framework. This instance has to be connected with every dimension present in the
operational layer of the information architecture.
The framework reveals explicitly our knowledge about the reality being secured. It is a
way to guide the construction of an integrated and effective security management
approach. In this respect, decision-making becomes more structured and its strength
follows the ability to use variable and external resources. The critical success factor of
this approach is the definition of the three dimensional space itself, the classification of
each dimension and its operational implementation.
10. CONCLUSIONS AND FUTURE WORK
Security management must follow the importance of information, information
technology and information systems in organizations. The technological trends of
information technology and its use put information at the front and the primary concern
for strategy, operations and management. The current development of mobile technology
is creating a ubiquitous information infrastructure that continues to increase the
importance and dependence on this infrastructure. Information security has therefore to
evolve according to its importance to organizations.
Our work proposes a framework to effectively tackle security management of
information in organizations, including information with ubiquitous access. The
framework classifies information in a three dimensional space to reveal the architectural
dependence regarding time criticality, content value and strategic importance. The
framework can thus be used to create a model that can provide in real-time the global