1st Edition

Responsive Security: Be Ready to Be Secure

By Meng-Chow Kang
Copyright 2014
    260 Pages 33 B/W Illustrations
    by CRC Press

    259 Pages 33 B/W Illustrations
    by CRC Press

    Responsive Security: Be Ready to Be Secure explores the challenges, issues, and dilemmas of managing information security risk, and introduces an approach for addressing concerns from both a practitioner and organizational management standpoint. Utilizing a research study generated from nearly a decade of action research and real-time experience, this book introduces the issues and dilemmas that fueled the study, discusses its key findings, and provides practical methods for managing information security risks. It presents the principles and methods of the responsive security approach, developed from the findings of the study, and details the research that led to the development of the approach.

    • Demonstrates the viability and practicality of the approach in today’s information security risk environment
    • Demystifies information security risk management in practice, and reveals the limitations and inadequacies of current approaches
    • Provides comprehensive coverage of the issues and challenges faced in managing information security risks today

    The author reviews existing literature that synthesizes current knowledge, supports the need for, and highlights the significance of the responsive security approach. He also highlights the concepts, strategies, and programs commonly used to achieve information security in organizations.

    Responsive Security: Be Ready to Be Secure examines the theories and knowledge in current literature, as well as the practices, related issues, and dilemmas experienced during the study. It discusses the reflexive analysis and interpretation involved in the final research cycles, and validates and refines the concepts, framework, and methodology of a responsive security approach for managing information security risk in a constantly changing risk environment.

    Introduction
    Background and Motivations
    Purpose
    Questions
    Research Methodology
    Organization of Subsequent Chapters
    Endnotes

    Knowledge, Issues, and Dilemmas
    Introduction
    Information Security
    Principles and Approaches
    Information Security Risk Management Strategy
    Information Security Program
    Responding to Change
    Current Research and Social Perspectives
    Conclusion
    Endnotes

    Practice, Issues, and Dilemmas
    Information Risk Management (IRM) Practices
    Social–Technical Approach
    Endnotes

    Responsive Security
    Piezoelectric Metaphor
    BETA’s Approach to Emerging Risks and Attacks
    Learning from Tsunami Incident
    Revealing Uncertainties and Making Risks Visible
    Responsive, Reactive, and Proactive Strategies
    Criticality Alignment
    Testing Responsive Approach at GAMMA
    Learning from Antinny Worm Case Study
    Refining Responsive Approach
    Responsive Learning
    Endnotes

    Conclusions and Implications
    Summary and Results
    Conclusions about Each Research Question
    Implications for Theory
    Implications for Policy and Practice
    Suggestions for Further Research
    Endnotes

    Appendices

    References

    Index

    Biography

    Meng-Chow Kang, PhD, earned an MSc in information security from the Royal Holloway and Bedford New College, University of London, and completed his PhD program in information security risk management at the Southern Cross University in Australia. He co-founded the Regional Asia Information Security Exchange (RAISE) Forum (raiseforum.org) that serves as a platform for regional information sharing and contributes to international standards development in ISO and ITU-T. He has been contributing to the development and adoption of international standards relating to information security since 1998, served as the first chair for ISO/IEC JTC 1/SC 27/WG 4 on Security Controls and Services Standards development from 2006 to 2012, and his work has been recognized with numerous industry awards.