Title

Mindful Administration of IS Security Policies

Keywords

CobIT; ISO; IT security; IT security policy; Mindfulness; Security standards

Abstract

Managers of information systems have ethical, moral and legal obligations to protect their organization's intellectual property. They often look to frameworks such as the Control Objectives for Information and related Technology (CobIT) to guide them to what data needs to be secured or standards such as the ISO/IEC 27000 series to provide best practices regarding their policies on how to safeguard this information. However, these policies are either vague in the details or not fluid and flexible enough to account for the unexpected security events that may render them obsolete. For example, Google recently released an online suite of applications that would allow an organization's employees to collaborate on items of intellectual capital stored on Google's servers outside the control of the organization's information technology (IT) department. Additionally, new techniques have been discovered to break the encryption of data that was previously thought to be lost when the device containing it was powered off. While these events certainly have utility to practitioners, they also pose new threats to the security of intellectual capital created and stored on IT artifacts. This paper advocates mindfulness (Weick and Sutcliffe, 2001) as a necessary component of choosing and adapting security policies to better predict the unexpected security threats that may come as a result of technological change, environmental forces, or organizational use of IT.

Publication Date

12-1-2008

Publication Title

14th Americas Conference on Information Systems, AMCIS 2008

Volume

1

Number of Pages

85-93

Document Type

Article; Proceedings Paper

Personal Identifier

scopus

Scopus ID

84870386555 (Scopus)

Source API URL

https://api.elsevier.com/content/abstract/scopus_id/84870386555

This document is currently not available here.
