Download This PaperHouse of Security: Locale, Roles and Resources for Ensuring Information Security
MIT Sloan Research Paper No. 4623-06
CISL Working Paper No. 2006-08
7 Pages Posted: 28 Aug 2006
Date Written: August 2006
Abstract
In this paper we redefine information security by extending its definition in three salient avenues: locale (beyond the boundary of an enterprise to include partner organizations), role (beyond the information custodians' view to include information consumers' and managers' views), and resource (beyond technical dimensions to include managerial dimensions). Based on our definition, we develop a model of information security, which we call the House of Security. This model has eight constructs, Vulnerability, Accessibility, Confidentiality, IT Resources for Security, Financial Resources for Security, Business Strategy for Security, Security Policy and Procedures, and Security Culture. We have developed a questionnaire to measure the assessment and importance of information security along these eight aspects. The questionnaire covers multiple locales and questionnaire respondents cover multiple roles. Data collection is currently in process. Results from our analysis of the collected data will be ready for presentation at the conference.
Keywords: Information security, Security vulnerabilities, Information confidentiality, Security policy, Security procedures, Security culture
Suggested Citation: Suggested Citation
Northeastern University - Management Information Systems Area ( email )
Boston, MA 02115
United States
Stuart E. Madnick (Contact Author)
Massachusetts Institute of Technology (MIT) - Sloan School of Management ( email )
E53-321
Cambridge, MA 02142
United States
617-253-6671 (Phone)
617-253-3321 (Fax)
Michael Siegel
Massachusetts Institute of Technology (MIT) - Sloan School of Management ( email )
E53-323
Cambridge, MA 02142
United States
617-253-2937 (Phone)
617-258-7579 (Fax)