Abstract
Information security management practices usually do not take explicit account of weak signals: factors that lie below the detection surface but may nevertheless constitute a huge security threat. This study analyses what kinds of weak signals are present in information security and then discusses how they can be detected. Responses to weak signals are also considered, as are certain privacy concerns related to the issue. These issues are of great urgency not only for government officials responsible for public security and dealing with the current wave of terrorism, but also for corporate information security staff and the top managers running the day-to-day business of their companies.
© 2005 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Kajava, J., Savola, R., Varonen, R. (2005). Weak Signals in Information Security Management. In: Hao, Y., et al. Computational Intelligence and Security. CIS 2005. Lecture Notes in Computer Science, vol 3802. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11596981_75
DOI: https://doi.org/10.1007/11596981_75
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-30819-5
Online ISBN: 978-3-540-31598-8
eBook Packages: Computer Science, Computer Science (R0)