Examination of Organizational Information Security Strategy: A Pilot Study

Beebe, Nicole Lang; Rao, V. Srinivasan

Examination of Organizational Information Security Strategy: A Pilot Study

The prevailing approach to cyber security continues to be the implementation of controls—technical, formal, and informal. We have seen little departure from a fundamentally preventive strategy. The criminal justice field has called for an increased emphasis on deterrence strategies, specifically Sit...

Ausführliche Beschreibung

Gespeichert in:

Bibliographische Detailangaben
1. VerfasserIn:	Beebe, Nicole Lang (VerfasserIn)
Beteiligte:	Rao, V. Srinivasan
Medienart:	Elektronisch Buch
Sprache:	Englisch
Veröffentlicht:	2009
In:	Jahr: 2009
Online-Zugang:	Volltext (kostenfrei)
Verfügbarkeit prüfen:	HBZ Gateway

MARC


LEADER	00000cam a22000002c 4500
001	1866345192
003	DE-627
005	20250124054907.0
007	cr uuu---uuuuu
008	231019s2009 xx \|\|\|\|\|o 00\| \|\|eng c
035			\|a (DE-627)1866345192
035			\|a (DE-599)KXP1866345192
040			\|a DE-627 \|b ger \|c DE-627 \|e rda
041			\|a eng
084			\|a 2,1 \|2 ssgn
100	1		\|a Beebe, Nicole Lang \|e VerfasserIn \|4 aut
245	1	0	\|a Examination of Organizational Information Security Strategy: A Pilot Study
264		1	\|c 2009
336			\|a Text \|b txt \|2 rdacontent
337			\|a Computermedien \|b c \|2 rdamedia
338			\|a Online-Ressource \|b cr \|2 rdacarrier
520			\|a The prevailing approach to cyber security continues to be the implementation of controls—technical, formal, and informal. We have seen little departure from a fundamentally preventive strategy. The criminal justice field has called for an increased emphasis on deterrence strategies, specifically Situational Crime Prevention (SCP). This paper presents the results of an exploratory (pilot) study based on interviews of CISOs (or approximate equivalents). We found that while the balance of controls does appear to be improving, technical controls are still the priority— particularly in small organizations. We found that IS security strategies are still predominantly preventive; organizations do not view offender deterrence as a strategy. The respondents definitely see room for strategic improvement. By and large, the information security professionals interviewed believe that cyber offenders are rational decision makers, that reducing anticipated benefit would be the most lucrative influence, followed by perceived effort required and perceived risk of being caught, in that order
700	1		\|a Rao, V. Srinivasan \|e VerfasserIn \|4 aut
856	4	0	\|u https://core.ac.uk/download/301344011.pdf \|x Verlag \|z kostenfrei \|3 Volltext
935			\|a mkri
951			\|a BO
ELC			\|a 1
LOK			\|0 000 xxxxxcx a22 zn 4500
LOK			\|0 001 4392990923
LOK			\|0 003 DE-627
LOK			\|0 004 1866345192
LOK			\|0 005 20231019043729
LOK			\|0 008 231019\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|ger\|\|\|\|\|\|\|
LOK			\|0 035 \|a (DE-2619)CORE17817626
LOK			\|0 040 \|a DE-2619 \|c DE-627 \|d DE-2619
LOK			\|0 092 \|o n
LOK			\|0 852 \|a DE-2619
LOK			\|0 852 1 \|9 00
LOK			\|0 935 \|a core
OAS			\|a 1
ORI			\|a SA-MARC-krimdoka001.raw