House of Security: Locale, Roles and Resources for Ensuring Information Security Research-in-Progress

Ang, Wee Horng; Lee, Yang W.; Madnick, Stuart E.; Mistress, Dinsha; Siegel, Michael D.; Strong, Diane M.; Wang, Richard Y.; Yao, Chrisy

Author(s)

Ang, Wee Horng; Lee, Yang W.; Madnick, Stuart E.; Mistress, Dinsha; Siegel, Michael D.; ... Show more

Downloadesd-wp-2006-18.pdf (102.6Kb)

Metadata

Show full item record

Abstract

In this paper we redefine information security by extending its definition in three salient avenues: locale (beyond the boundary of an enterprise to include partner organizations), role (beyond the information custodians’ view to include information consumers’ and managers’ views), and resource (beyond technical dimensions to include managerial dimensions). Based on our definition, we develop a model of information security, which we call the House of Security. This model has eight constructs, Vulnerability, Accessibility, Confidentiality, IT Resources for Security, Financial Resources for Security, Business Strategy for Security, Security Policy and Procedures, and Security Culture. We have developed a questionnaire to measure the assessment and importance of information security along these eight aspects. The questionnaire covers multiple locales and questionnaire respondents cover multiple roles. Data collection is currently in process. Results from our analysis of the collected data will be ready for presentation at the conference.

Date issued

2006-08

URI

http://hdl.handle.net/1721.1/102806

Publisher

Massachusetts Institute of Technology. Engineering Systems Division

Series/Report no.

ESD Working Papers;ESD-WP-2006-18

Collections

Engineering Systems Division (ESD) Working Paper Series