Responsive Security: Be Ready to Be Secure explores the challenges, issues, and dilemmas of managing information security risk, and introduces an approach for addressing them from both a practitioner and an organizational management standpoint. Drawing on a research study built from nearly a decade of action research and real-time experience, the book presents the issues and dilemmas that motivated the study, discusses its key findings, and provides practical methods for managing information security risks. It sets out the principles and methods of the responsive security approach, developed from the findings of the study, and details the research that led to its development.
Demonstrates the viability and practicality of the approach in today's information security risk environment
Demystifies information security risk management in practice, and reveals the limitations and inadequacies of current approaches
Provides comprehensive coverage of the issues and challenges faced in managing information security risks today
The author reviews the existing literature to synthesize current knowledge, establish the need for the responsive security approach, and show its significance. He also surveys the concepts, strategies, and programs commonly used to achieve information security in organizations.
Responsive Security: Be Ready to Be Secure examines the theories and knowledge in current literature, as well as the practices, related issues, and dilemmas experienced during the study. It discusses the reflexive analysis and interpretation involved in the final research cycles, and validates and refines the concepts, framework, and methodology of a responsive security approach for managing information security risk in a constantly changing risk environment.
Meng-Chow Kang, PhD, earned an MSc in information security from Royal Holloway and Bedford New College, University of London, and completed his PhD in information security risk management at Southern Cross University in Australia. He co-founded the Regional Asia Information Security Exchange (RAISE) Forum (raiseforum.org), which serves as a platform for regional information sharing and contributes to international standards development in ISO and ITU-T. He has contributed to the development and adoption of international information security standards since 1998, and served as the first chair of ISO/IEC JTC 1/SC 27/WG 4 (Security Controls and Services) from 2006 to 2012. His work has been recognized with numerous industry awards.
Introduction: Background and Motivations; Purpose; Questions; Research Methodology; Organization of Subsequent Chapters; Endnotes
Knowledge, Issues, and Dilemmas: Introduction; Information Security Principles and Approaches; Information Security Risk Management Strategy; Information Security Program; Responding to Change; Current Research and Social Perspectives; Conclusion; Endnotes
Practice, Issues, and Dilemmas: Information Risk Management (IRM) Practices; Social-Technical Approach; Endnotes
Responsive Security: Piezoelectric Metaphor; BETA's Approach to Emerging Risks and Attacks; Learning from Tsunami Incident; Revealing Uncertainties and Making Risks Visible; Responsive, Reactive, and Proactive Strategies; Criticality Alignment; Testing Responsive Approach at GAMMA; Learning from Antinny Worm Case Study; Refining Responsive Approach; Responsive Learning; Endnotes
Conclusions and Implications: Summary and Results; Conclusions about Each Research Question; Implications for Theory; Implications for Policy and Practice; Suggestions for Further Research; Endnotes
Appendices
References
Index