Responsive Security: Be Ready to Be Secure explores the challenges, issues, and dilemmas of managing information security risk, and introduces an approach for addressing concerns from both a practitioner and organizational management standpoint. Utilizing a research study generated from nearly a decade of action research and real-time experience, this book introduces the issues and dilemmas that fueled the study, discusses its key findings, and provides practical methods for managing information security risks. It presents the principles and methods of the responsive security approach, developed from the findings of the study, and details the research that led to the development of the approach.
- Demonstrates the viability and practicality of the approach in today’s information security risk environment
- Demystifies information security risk management in practice, and reveals the limitations and inadequacies of current approaches
- Provides comprehensive coverage of the issues and challenges faced in managing information security risks today
The author reviews existing literature that synthesizes current knowledge, supports the need for, and highlights the significance of the responsive security approach. He also highlights the concepts, strategies, and programs commonly used to achieve information security in organizations.
Responsive Security: Be Ready to Be Secure
examines the theories and knowledge in current literature, as well as the practices, related issues, and dilemmas experienced during the study. It discusses the reflexive analysis and interpretation involved in the final research cycles, and validates and refines the concepts, framework, and methodology of a responsive security approach for managing information security risk in a constantly changing risk environment.Introduction
Background and Motivations
Purpose
Questions
Research Methodology
Organization of Subsequent Chapters
Endnotes
Knowledge, Issues, and Dilemmas
Introduction
Information Security
Principles and Approaches
Information Security Risk Management Strategy
Information Security Program
Responding to Change
Current Research and Social Perspectives
Conclusion
Endnotes
Practice, Issues, and Dilemmas
Information Risk Management (IRM) Practices
Social–Technical Approach
Endnotes
Responsive Security
Piezoelectric Metaphor
BETA’s Approach to Emerging Risks and Attacks
Learning from Tsunami Incident
Revealing Uncertainties and Making Risks Visible
Responsive, Reactive, and Proactive Strategies
Criticality Alignment
Testing Responsive Approach at GAMMA
Learning from Antinny Worm Case Study
Refining Responsive Approach
Responsive Learning
Endnotes
Conclusions and Implications
Summary and Results
Conclusions about Each Research Question
Implications for Theory
Implications for Policy and Practice
Suggestions for Further Research
Endnotes
Appendices
References
Index
Biography
Meng-Chow Kang, PhD, earned an MSc in information security from the Royal Holloway and Bedford New College, University of London, and completed his PhD program in information security risk management at the Southern Cross University in Australia. He co-founded the Regional Asia Information Security Exchange (RAISE) Forum (raiseforum.org) that serves as a platform for regional information sharing and contributes to international standards development in ISO and ITU-T. He has been contributing to the development and adoption of international standards relating to information security since 1998, served as the first chair for ISO/IEC JTC 1/SC 27/WG 4 on Security Controls and Services Standards development from 2006 to 2012, and his work has been recognized with numerous industry awards.