The economics of information security investment
ACM Transactions on Information and System Security (TISSEC)
A framework for using insurance for cyber-risk management
Communications of the ACM
Management of Information Security
Management of Information Security
Aligning information security investments with a firm's risk tolerance
InfoSecCD '05 Proceedings of the 2nd annual conference on Information security curriculum development
| Hi-index | 0.00 |
Information Technology (IT) security has been a highlight of every organization since the inception of computer systems. We have seen the emergence of various forms of IT security or access controls from passwords to biometrics, especially biometrics. This paper is a compilation of different journals, articles and classroom discussions, where five key points have been extracted to show how to effectively manage access controls in organization. The five key points include upper level management's responsibility to (1) establish and implement a System-Specific Policy (SSP) and Access Control Policy (ACP) for access control, (2) foster an environment of trust with their employees, (3) overlap access control with risk management, (4) establish an optimum level of information security spending, and (5) have a liability or insurance policy for losses.