The Proceedings of the Information Systems Education Conference 2007: §3154    Home    Papers/Indices    prev (§3153)    Next (§3155)
Sat, Nov 3, 9:00 - 9:25, Haselton 2     Paper (refereed)
Recommended Citation: Nnolim, A L and A L Steenkamp.  An Architectural and Process Model Approach to Information Security Management.  In The Proceedings of the Information Systems Education Conference 2007, v 24 (Pittsburgh): §3154. ISSN: 1542-7382. (A later version appears in Information Systems Education Journal 6(31). ISSN: 1545-679X.)
 
Recipient of Distinguished PhD Paper Award
 
CDpic

An Architectural and Process Model Approach to Information Security Management

thumb
Refereed24 pages
Anene L. Nnolim    [a1] [a2]
Lawrence Technological University    [u1] [u2]
Southfield, Michigan, USA    [c1] [c2]

Annette Lerine Steenkamp    [a1] [a2]
College of Management
Lawrence Technological University    [u1] [u2]
Southfield, Michigan, USA    [c1] [c2]

This paper reports on part of a doctoral dissertation research project in information security management. One of the aims of the project is to develop an architectural framework and a process model, with supporting methodology that could enable integration of information security management with enterprise life cycle processes. Over the years, the focus of information security evolved from physical security of computer centers to securing information technology systems and networks, to securing business information systems. With the Internet, computers can communicate and share information with other computers outside organizationís networks. This meant that the existing security model was inadequate to meet the threats and challenges inherent in this new technology infrastructure. A new approach to information security management is needed to meet these security challenges. A meta model for the information security management viewpoint, developed in this research, includes various meta primitives, namely; business strategy and mission, security management goals and objectives, security management system, security management program, information security framework, security process improvement model with supporting methodology, and enterprise business systems. The elements of the architecture framework in this research are stakeholder, principles, purpose, level of abstraction, organization layer, context, representation scheme, modeling scheme, standards, and the required technology. An information security management process model in this research consists of four major phases, namely; planning, analysis and design, implementation, and operations and a process improvement sub-phase. Dissertation research results so far indicate a conceptual model that includes other security management models that are beyond the scope of this paper.

Keywords: information security management, architecture framework, security process model, security viewpoint, enterprise security, process improvement

Read this refereed paper in Adobe Portable Document (PDF) format. (24 pages, 1222 K bytes)
Preview this refereed paper in Plain Text (TXT) format. (64 K bytes)

CDpic
Comments and corrections to
webmaster@isedj.org