A utilitarian re-examination of enterprise-scale information security management. (12th March 2018)
- Record Type:
- Journal Article
- Title:
- A utilitarian re-examination of enterprise-scale information security management. (12th March 2018)
- Main Title:
- A utilitarian re-examination of enterprise-scale information security management
- Authors:
- Stewart, Andrew
- Abstract:
- Purpose: An action is utilitarian when it is both useful and practical. This paper aims to examine a number of traditional information security management practices to ascertain their utility. That analysis is performed according to the particular set of challenges and requirements experienced by very large organizations. Examples of such organizations include multinational corporations, the governments of large nations and global investment banks.
Design/methodology/approach: The author performs a gap analysis of a number of security management practices. The examination is focused on the question of whether these practices are both useful and practical when used within very large organizations. Findings: The author identifies a number of information security management practices that are considered to be "best practice" in the general case but that are suboptimal at the margin represented by very large organizations. A number of alternative management practices are proposed that compensate for the identified weaknesses. Originality/value: Quoting from the conclusion of the paper: We have seen in our analysis within this paper that some best practices can experience what economists refer to as diminishing marginal utility. As the target organization drifts from the typical use-case the amount of value-added declines and can potentially enter negative territory. We have also examined the degree of innovation in the practice of security management and the extent to which the literature can support practical, real-world activities. In both the areas, we have identified a number of opportunities to perform further work. …
- Is Part Of:
- Information and computer security. Volume 26:Number 1(2018)
- Journal:
- Information and computer security
- Issue:
- Volume 26:Number 1(2018)
- Issue Display:
- Volume 26, Issue 1 (2018)
- Year:
- 2018
- Volume:
- 26
- Issue:
- 1
- Issue Sort Value:
- 2018-0026-0001-0000
- Page Start:
- 39
- Page End:
- 57
- Publication Date:
- 2018-03-12
- Subjects:
- Information security -- Management -- Spending -- BS7799 -- ISO/IEC 27001 -- Security management frameworks
Computer security -- Management -- Periodicals
Computer networks -- Security measures -- Periodicals
Data protection -- Management -- Periodicals
658.47
- Journal URLs:
- http://www.emeraldinsight.com/loi/ics
http://www.emeraldinsight.com/
- DOI:
- 10.1108/ICS-03-2017-0012
- Languages:
- English
- ISSNs:
- 2056-4961
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library DSC - 4481.796000
British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store
- Ingest File:
- 6063.xml