Managing information security through policy definition: organizational implications

Sadok, M.; Spagnoletti, Paolo

doi:10.1007/978-3-7908-2789-7_45

IRIS - Institutional Research Information System

IRIS è il sistema di gestione integrata dei dati della ricerca adottato dalla LUISS Guido Carli. Il Catalogo dei prodotti della ricerca della LUISS raccoglie e rende disponibile, dove possibile nel rispetto del diritto d'autore, la produzione scientifica dei docenti e ricercatori dell'Ateneo. Il Catalogo alimenta inoltre i siti docenti del MIUR.

Organizations are more dependent than ever on the effective security of their information systems in order to ensure business continuity, efficiency and compliance with regulatory and governance frameworks. However, security breaches surveys reveal a poor effectiveness of security solutions and procedures implemented by the enterprises. In particular, enterprises experience difficulties in assessing and managing their security risks, applying appropriate security controls, as well as preventing security threats. In this paper we explore the nature of a security policy with a specific focus on managerial and strategic implications of the security policy implementation process. Two examples are provided in order to setup the basis of a method for the definition of security policies aligned with both operational and strategic plans of an enterprise.

Check for full text @ LUISS

Titolo:	Managing information security through policy definition: organizational implications
Autori:	M. Sadok SPAGNOLETTI, PAOLO mostra contributor esterni nascondi contributor esterni
Data di pubblicazione:	2012
Abstract:	Organizations are more dependent than ever on the effective security of their information systems in order to ensure business continuity, efficiency and compliance with regulatory and governance frameworks. However, security breaches surveys reveal a poor effectiveness of security solutions and procedures implemented by the enterprises. In particular, enterprises experience difficulties in assessing and managing their security risks, applying appropriate security controls, as well as preventing security threats. In this paper we explore the nature of a security policy with a specific focus on managerial and strategic implications of the security policy implementation process. Two examples are provided in order to setup the basis of a method for the definition of security policies aligned with both operational and strategic plans of an enterprise.
Handle:	http://hdl.handle.net/11385/40256
ISBN:	9783790827880
Appare nelle tipologie:	02.1 - Capitolo o saggio su monografia (Monograph’s Chapter/Essay)

File in questo prodotto:

File	Descrizione	Tipologia	Licenza
Information Systems 1.pdf		Post-print	DRM non definito	Administrator

Utilizza questo identificativo per citare o creare un link a questo documento:
http://hdl.handle.net/11385/40256

Citazioni

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.