Towards a systemic holistic security management
2002 (English)Other (Other (popular science, discussion, etc.))
Information System Security and its management "is a parasite on the profit" Gerald Kovacich.
This thesis presents research intended to both modify the understanding for, and to introduce information system security not only as a cost factor but also as a business enabler for eCommerce systems. To achieve this, system theoretic concepts will be applied to information security management, taking technology, sociology and business aspects into consideration. The first aspects dealt with are security conception and system specification. A set of requirements for electronic money systems has been developed. However, security management does not only consist of requirement specifications, but must also open for an economically and socially acceptable implementation. Therefore we have developed a holistic framework for security management. This framework describes the activities and workflows that lead to satisfactory security levels in eCommerce. To be able to develop an understandable framework we apply black boxing in order to hide details. The development progress results in investigations of some of the black boxes mentioned. To motivate the need of inclusion in the framework, two of these inquires will be presented, where the first one deals with the improvement of a risk assessment methodology for faster application in e-commerce, and the second one with the influence of the Internet on privacy.
Place, publisher, year, edition, pages
Karlstad: Karlstad University Studies , 2002.
Research subject Computer Science
IdentifiersURN: urn:nbn:se:kau:diva-24984ISBN: 91-85019-06-2OAI: oai:DiVA.org:kau-24984DiVA: diva2:598758