Enterprise Information Security Management Framework [EISMF]
DownloadFull printable version (18.81Mb)
Alternative title
EISMF
Other Contributors
System Design and Management Program.
Advisor
Michael Cusumano.
Terms of use
Metadata
Show full item recordAbstract
There are several technological solutions available in the market to help organizations with information security breach detection and prevention such as intrusion detection and prevention systems, antivirus software, firewalls, and spam filters. There is no doubt in the fact that significant progress has been made in the technological side of information security. However, when we study causes of information security breaches, we find that a significant number are caused by non-technical reasons such as social engineering, theft of computing device or portable hard drive, human behavior, and human error. This leads us to conclude that information security should not be viewed through technology perspective only. Instead, a more holistic approach is required. This thesis provides a systems approach towards information security management and include technological, management and social aspects. This thesis starts with introduction especially background and motivation of the author, followed by literature research. Next, Enterprise Information Security Management Framework is presented leading to estimation of an organization's information security management maturity-level. Finally, conclusion and potential future work are presented.
Description
Thesis (S.M. in Engineering and Management)--Massachusetts Institute of Technology, Engineering Systems Division, System Design and Management Program, 2011. Cataloged from PDF version of thesis. Includes bibliographical references (p. 124-130).
Date issued
2011Department
System Design and Management Program.; Massachusetts Institute of Technology. Engineering Systems DivisionPublisher
Massachusetts Institute of Technology
Keywords
Engineering Systems Division., System Design and Management Program.