Full title: The impact of security management
Overview: This report examines the organisation, programmes and resources needed to promote good practice in information security effectively across an enterprise (ie an individual company, business unit or public-sector body). It presents an objective, factual analysis of the impact that security management has on an organisation; and covers the status of information security arrangements ‘on the ground’ (ie as applied to individual critical business applications, computer installations, networks and systems development activities), the risk of major incidents affecting business-critical environments and whether particular methods of managing security have a discernible impact on risk.
Published by: Information Security Forum (ISF)
Date published: October 1999
Status: Available to ISF Members.
Citicus role: Two founders of Citicus carried out the research on which this report is based, for and on behalf of the ISF. One was the principal author of the report and the other assisted in its development.