Volume 6, Number 31

March 10, 2008

An Architectural and Process Model Approach to Information Security Management

Anene L. Nnolim
Lawrence Technological University
Southfield, MI 48075 USA

Annette Lerine Steenkamp
Lawrence Technological University
Southfield, MI 48075-1058 USA

Abstract: This paper reports on part of a doctoral dissertation research project in information security management. One of the aims of the project is to develop an architectural framework and a process model, with a supporting methodology, that could enable integration of information security management with enterprise life cycle processes. Over the years, the focus of information security evolved from physical security of computer centers to securing information technology systems and networks, to securing business information systems. With the Internet, computers can communicate and share information with other computers outside the organization’s networks. This meant that the existing security model was inadequate to meet the threats and challenges inherent in this new technology infrastructure. A new approach to information security management is needed to meet these security challenges. A meta model for the information security management viewpoint, developed in this research, includes various meta primitives, namely business strategy and mission, security management goals and objectives, security management system, security management program, information security framework, security process improvement model with supporting methodology, and enterprise business systems. The elements of the architecture framework in this research are stakeholder, principles, purpose, level of abstraction, organization layer, context, representation scheme, modeling scheme, standards, and the required technology. An information security management process model in this research consists of four major phases, namely planning, analysis and design, implementation, and operations, and a process improvement sub-phase. Dissertation research results so far indicate a conceptual model that includes other security management models that are beyond the scope of this paper.

Keywords: information security management, architecture framework, security process model, security viewpoint, enterprise security, process improvement

Recommended Citation: Nnolim and Steenkamp (2008). An Architectural and Process Model Approach to Information Security Management. Information Systems Education Journal, 6 (31). http://isedj.org/6/31/. ISSN: 1545-679X. (A preliminary version appears in The Proceedings of ISECON 2007: §3154. ISSN: 1542-7382.)