1. Information Security Management
- Author
- J.I. Martins, Agostinho Valente, António Rosinha, and Henrique Jorge dos Santos
- Subjects
- Information Systems and Management; Knowledge management; Computer Networks and Communications; 05 social sciences; 16. Peace & justice; Computer security; Information security management; Hardware and Architecture; 0502 economics and business; 050211 marketing; Business; Portuguese; Safety, Risk, Reliability and Quality; Safety Research; 050203 business & management; Software; Military organization
- Abstract
- The authors present a Case Study conducted in a Portuguese military organization, to answer the following research questions: (1) What are the most relevant dimensions and categories of information security controls applied in military organizations? (2) What are the main scenarios of information security incidents that are expected to occur? (3) What is the decision process used for planning and selection of information security controls? This study reveals that: (1) information security within the military organization is built on the basis of physical and human attack vectors, and targeting the infrastructure that supports the flow of information in the organization; (2) the information security controls applied in the military organization are included in ISO/IEC 27001; (3) planning and selection of applied information security controls are made by decision makers and information security specialists. It appears that specialists impose their planning options essentially seeking to select and retrieve past successful information security cases.
- Published
- 2013