Security in Modern Business: Security Assessment Model for Information Security Practices

Daniel W K Tse

Security in Modern Business: Security Assessment Model for Information Security Practices

Daniel W K Tse

Department of Information Systems

Research output: Chapters, Conference Papers, Creative and Literary Works › RGC 32 - Refereed conference paper (with host publication) › peer-review

Abstract

From my previous field research, I found that most of the organizations have very poor security practices. Some organizations may be aware of the consequences of information security breaches, but would rather take the risk. Some are not knowledgeable enough and partly because they have very limited resources to allocate in areas that return no benefits. Some of them may think that their business partners will help to protect their information. As a result, this is a kind of “I don’t care about what you care about” practice. In other words, natures of these loopholes have been investigated and explored. The next thing is to find solutions to fill this security gap.
Building on the findings of previous research, this paper identifies the prescriptions that will reduce business information vulnerability. I first review the current information security models or frameworks, all of which have shortcomings, and then discuss ISO9000 and the Capability Maturity Model, which can solve some of the problems that arise from business information vulnerability. To fill the solution gap, I finally develop a new security assessment model. Due to space limitation, details of this assessment model development processes will be discussed in my other research paper.

Original language	English
Title of host publication	PACIS 2004 Proceedings
Publisher	Association for Information Systems
Pages	1506-1519
Publication status	Published - Jul 2004
Event	8th Pacific Asia Conference on Information Systems (PACIS 2004) - Shanghai, China Duration: 8 Jul 2004 → 11 Jul 2004 https://aisel.aisnet.org/pacis2004/

Conference

Conference	8th Pacific Asia Conference on Information Systems (PACIS 2004)
Place	China
City	Shanghai
Period	8/07/04 → 11/07/04
Internet address	https://aisel.aisnet.org/pacis2004/

Research Keywords

Information Security Management
modern business
security assessment model
CMM
ISO17799

Other Access Options

Check CityUHK Library

Permanent Link

Right click to copy link

Cite this

@inproceedings{d69a3378f7ac41b4b423b3619d55d781,

title = "Security in Modern Business: Security Assessment Model for Information Security Practices",

abstract = "From my previous field research, I found that most of the organizations have very poor security practices. Some organizations may be aware of the consequences of information security breaches, but would rather take the risk. Some are not knowledgeable enough and partly because they have very limited resources to allocate in areas that return no benefits. Some of them may think that their business partners will help to protect their information. As a result, this is a kind of “I don{\textquoteright}t care about what you care about” practice. In other words, natures of these loopholes have been investigated and explored. The next thing is to find solutions to fill this security gap. Building on the findings of previous research, this paper identifies the prescriptions that will reduce business information vulnerability. I first review the current information security models or frameworks, all of which have shortcomings, and then discuss ISO9000 and the Capability Maturity Model, which can solve some of the problems that arise from business information vulnerability. To fill the solution gap, I finally develop a new security assessment model. Due to space limitation, details of this assessment model development processes will be discussed in my other research paper.",

keywords = "Information Security Management, modern business, security assessment model, CMM, ISO17799",

author = "Tse, {Daniel W K}",

year = "2004",

month = jul,

language = "English",

pages = "1506--1519",

booktitle = "PACIS 2004 Proceedings",

publisher = "Association for Information Systems",

address = "United States",

note = "8th Pacific Asia Conference on Information Systems (PACIS 2004) ; Conference date: 08-07-2004 Through 11-07-2004",

url = "https://aisel.aisnet.org/pacis2004/",

}

TY - GEN

T1 - Security in Modern Business

T2 - 8th Pacific Asia Conference on Information Systems (PACIS 2004)

AU - Tse, Daniel W K

PY - 2004/7

Y1 - 2004/7

N2 - From my previous field research, I found that most of the organizations have very poor security practices. Some organizations may be aware of the consequences of information security breaches, but would rather take the risk. Some are not knowledgeable enough and partly because they have very limited resources to allocate in areas that return no benefits. Some of them may think that their business partners will help to protect their information. As a result, this is a kind of “I don’t care about what you care about” practice. In other words, natures of these loopholes have been investigated and explored. The next thing is to find solutions to fill this security gap. Building on the findings of previous research, this paper identifies the prescriptions that will reduce business information vulnerability. I first review the current information security models or frameworks, all of which have shortcomings, and then discuss ISO9000 and the Capability Maturity Model, which can solve some of the problems that arise from business information vulnerability. To fill the solution gap, I finally develop a new security assessment model. Due to space limitation, details of this assessment model development processes will be discussed in my other research paper.

AB - From my previous field research, I found that most of the organizations have very poor security practices. Some organizations may be aware of the consequences of information security breaches, but would rather take the risk. Some are not knowledgeable enough and partly because they have very limited resources to allocate in areas that return no benefits. Some of them may think that their business partners will help to protect their information. As a result, this is a kind of “I don’t care about what you care about” practice. In other words, natures of these loopholes have been investigated and explored. The next thing is to find solutions to fill this security gap. Building on the findings of previous research, this paper identifies the prescriptions that will reduce business information vulnerability. I first review the current information security models or frameworks, all of which have shortcomings, and then discuss ISO9000 and the Capability Maturity Model, which can solve some of the problems that arise from business information vulnerability. To fill the solution gap, I finally develop a new security assessment model. Due to space limitation, details of this assessment model development processes will be discussed in my other research paper.

KW - Information Security Management

KW - modern business

KW - security assessment model

KW - CMM

KW - ISO17799

M3 - RGC 32 - Refereed conference paper (with host publication)

SP - 1506

EP - 1519

BT - PACIS 2004 Proceedings

PB - Association for Information Systems

Y2 - 8 July 2004 through 11 July 2004

ER -

Security in Modern Business: Security Assessment Model for Information Security Practices

Abstract

Conference

Research Keywords

Other Access Options

Permanent Link

Fingerprint

Cite this