Title: Challenges and complexities of managing information security

Authors: Cyril Onwubiko, Andrew P. Lenaghan

Addresses: Intelligence and Security Assurance, E-Security Group, Research Series Limited, London RM10 7XX, UK. ' Flawless Money Limited, Surbiton, Surrey KT6 6NG, UK

Abstract: Information security (IS) management is both complex and challenging. The complexity stems from the pervasive and multi-functional nature of IS, first, to protect organisations| valued assets, in order to achieve secure and dependable information assurance, and second, to advance business relations for the organisation by creating platforms for trust, business alliance and collaboration. Further, the ever-growing dependence of organisations on technology to drive businesses and to create a competitive advantage makes IS management for organisations extremely challenging. These challenges facing organisations in managing IS are numerous and inherently diverse. A traditional approach in addressing these challenges includes the use of technical controls to treat risks. Whilst technical controls are helpful in protecting valued assets, unfortunately, technical controls alone are insufficient in providing dependable security and information assurance required in a contemporary global enterprise. Global outsourcing, consumer-centricity, security compliance and legislation as emerging global business drivers have imposed new security requirements that complicate traditional perspective in security management.

Keywords: compliance; culture; digital forensics; electronic security; information security; privacy; return on investment; ROI; security management; security outsourcing; security requirements.

DOI: 10.1504/IJESDF.2009.027524

International Journal of Electronic Security and Digital Forensics, 2009 Vol.2 No.3, pp.306 - 321

Published online: 28 Jul 2009 *

Full-text access for editors Full-text access for subscribers Purchase this article Comment on this article