Title
Mindful Administration Of Is Security Policies
Keywords
CobIT; ISO; IT security; IT security policy; Mindfulness; Security standards
Abstract
Managers of information systems have ethical, moral and legal obligations to protect their organization's intellectual property. They often look to frameworks such as the Control Objectives for Information and related Technology (CobIT) to guide them to what data needs to be secured or standards such as the ISO/IEC 27000 series to provide best practices regarding their policies on how to safeguard this information. However, these policies are either vague in the details or not fluid and flexible enough to account for the unexpected security events that may render them obsolete. For example, Google recently released an online suite of applications that would allow an organization's employees to collaborate on items of intellectual capital stored on Google's servers outside the control of the organization's information technology (IT) department. Additionally, new techniques have been discovered to break the encryption of data that was previously thought to be lost when the device containing it was powered off. While these events certainly have utility to practitioners, they also pose new threats to the security of intellectual capital created and stored on IT artifacts. This paper advocates mindfulness (Weick and Sutcliffe, 2001) as a necessary component of choosing and adapting security policies to better predict the unexpected security threats that may come as a result of technological change, environmental forces, or organizational use of IT.
Publication Date
12-1-2008
Publication Title
14th Americas Conference on Information Systems, AMCIS 2008
Volume
1
Number of Pages
85-93
Document Type
Article; Proceedings Paper
Personal Identifier
scopus
Copyright Status
Unknown
Socpus ID
84870386555 (Scopus)
Source API URL
https://api.elsevier.com/content/abstract/scopus_id/84870386555
STARS Citation
Parrish, James L.; Kuhn, John R.; and Courtney, James F., "Mindful Administration Of Is Security Policies" (2008). Scopus Export 2000s. 9515.
https://stars.library.ucf.edu/scopus2000/9515