The Principles

8 September, 2015 - 16:12

Having sketched the background for information systems security and advanced the main security challenges confronting organizations, how should organizations proceed in the complex task of protecting their information assets?

The solution to the pressing problems of managing information security lies in shifting emphasis from technology to organizational and social process. Although this orientation has been defended by many, in practice the design of over-formalized, acontextual, ahistorical and reactive security solutions still dominates. Many solutions don’t fit because there is inadequate consideration of information security issues.

Although there is no magic bullet to solve IS security challenges, this section presents a set of fundamental principles necessary for managing current information security issues. This management framework is composed of six principles, which are grouped into three classes, namely:

  • Managing the informal aspects of IS security
  • Managing the formal aspects of IS security
  • Managing the technical aspects of IS security

Following a brief description of each class, each principle is elaborated and suggestions regarding its applicability are advanced.