Ruth C. Mitchell
Corporate information security management.
Mitchell, Ruth C.; Marcella, Rita; Baxter, Graeme
To ensure business continuity the security of corporate information is extremely important. Previous studies have shown that corporate information is vulnerable to security attacks. Companies are losing money through security breaches. This paper describes an MSc project that aimed to investigate the issues surrounding corporate information security management. Postal questionnaires and telephone interviews were used. Findings indicate that companies are not proactively tackling information security management and thus are not prepared for security incidents when they occur. Reasons for this lack of action include: awareness of information security threats is restricted; management and awareness of information security is concentrated around the IT department; electronic information is viewed as an intangible business asset; potential security risks of Internet access have not been fully assessed; and surveyed companies have not yet encountered security problems, and therefore are unprepared to invest in security measures. The recommendations include that companies: carry out a formal risk analysis; move information security management from being an IT-centric function; and alter perceptions towards electronic information so that information is viewed as a valuable corporate asset.
|Journal Article Type||Article|
|Publication Date||Dec 31, 1999|
|Journal||New library world|
|Peer Reviewed||Peer Reviewed|
|Institution Citation||MITCHELL, R.C., MARCELLA, R. and BAXTER, G. 1999. Corporate information security management. New library world [online], 100(5), pages 213-227. Available from: https://doi.org/10.1108/03074809910285888|
|Keywords||Information security; Electronic information resources; Companies|
MITCHELL 1999 Corporate information security management