There is considerable advice in both research and practice-oriented literature on the topic of information security. Most of the discussion in the literature focuses on how to prevent security attacks using technical countermeasures, even though there are a number of other viable strategies such as deterrence, deception, detection and response. This paper reports on a qualitative study, conducted in Korea, to determine how organizations implement security strategies to protect their information systems. The findings reveal a deeply entrenched preventive mindset, driven by the desire to ensure availability of technology and services, and a comparative ignorance of exposure to business security risks. Whilst there was some evidence of usage of other strategies, they were also deployed in a preventive capacity. The paper presents a research agenda that calls for research on enterprise-wide multiple strategy deployment with a focus on how to combine, balance and optimize strategies.