Future Standardization Topics on Information Security Management
Abstract
Information security (InfoSec) has long since
moved beyond being only a technical issue and has become a
management issue for organizations, so many topics in the
InfoSec management field remain to be standardized. In this seminar, the
functions and processes of InfoSec management are introduced to show the
areas covered by standardization activities, including those of ISO and
various national bodies.
Among the many issues not addressed in the
standardization efforts, I propose three topics that need to be addressed:
InfoSec metrics management, incident cost analysis and modeling, and
return on security investment. The seminar includes a discussion of the
rationale for these proposals and of the issues to be addressed in future
standardization efforts.
By:
Prof. Jungduk Kim
Chung-Ang University, Korea