Establish a Dynamic Business Driven Integrative Information Security Architecture

Abstract:

Most organizations face two recurring challenges in information security management: demonstrating the value of security to senior leadership, and satisfying many different pieces of legislation in one place. This article describes a dynamic, business-driven, integrative information security architecture that addresses those problems. The architecture is designed on three levels, the domain level, the component level and the control level, and aims to establish alignment and traceability between business and security, build a customer-service concept into security practices, provide a dynamic and integrative framework, and manage information security in a more predictive and proactive manner. Applying the architecture to a real-life business case shows that, after implementation, the major security indicators visibly improved.

Pages: 1309-1315

Online since: February 2014

Copyright: © 2014 Trans Tech Publications Ltd. All Rights Reserved

