Security in Modern Business : Security Assessment Model for Information Security Practices

Research output: Chapters, Conference Papers, Creative and Literary Works (RGC: 12, 32, 41, 45) | 32_Refereed conference paper (with ISBN/ISSN) | peer-review

Author(s)

  • Daniel W K Tse

Detail(s)

Original language: English
Title of host publication: PACIS 2004 Proceedings
Publisher: Association for Information Systems (AIS)
Pages: 1506-1519
Publication status: Published - Jul 2004

Conference

Title: 8th Pacific Asia Conference on Information Systems (PACIS 2004)
Place: China
City: Shanghai
Period: 8 - 11 July 2004

Abstract

From my previous field research, I found that most of the organizations have very poor security practices. Some organizations may be aware of the consequences of information security breaches, but would rather take the risk. Some are not knowledgeable enough and partly because they have very limited resources to allocate in areas that return no benefits. Some of them may think that their business partners will help to protect their information. As a result, this is a kind of “I don’t care about what you care about” practice. In other words, natures of these loopholes have been investigated and explored. The next thing is to find solutions to fill this security gap.
Building on the findings of previous research, this paper identifies the prescriptions that will reduce business information vulnerability. I first review the current information security models or frameworks, all of which have shortcomings, and then discuss ISO9000 and the Capability Maturity Model, which can solve some of the problems that arise from business information vulnerability. To fill the solution gap, I finally develop a new security assessment model. Due to space limitation, details of this assessment model development processes will be discussed in my other research paper.

Research Area(s)

  • Information Security Management, modern business, security assessment model, CMM, ISO17799

Citation Format(s)

Security in Modern Business : Security Assessment Model for Information Security Practices. / Tse, Daniel W K.

PACIS 2004 Proceedings. Association for Information Systems (AIS), 2004. p. 1506-1519 119.