These pages offer some suggestions for the design and deployment of integrated information security management systems (ISMS). A key characteristic of such systems is that, while threat-recognition responsibilities may be decentralized, response-related issues, including countermeasure selection and scripting and defensive asset deployments, will generally be resolved centrally. What makes security systems of this sort increasingly interesting is the information-technology fueled trend towards increasingly more strongly centralized —i.e., command-control system oriented— enterprises in the commercial and governmental as well as the military and emergency-services sectors. Of most immediate practical import, it will be suggested here, is that ISMS constructs can be construed to be the natural security-side complements of the broad-purview (ERP-inspired, for example) management support systems that are evolving to serve such enterprises.

Barnard, L. and von Solms, R. (2000), “A Formalized Approach to the Effective Selection and Evaluation of Information Security Control,” Computers and Security 19(2): 185-194.

Baskerville, R. (1993), “Information Systems Security Design Methods: Implications for Information Systems Development,” ACM Computing Surveys 25(4): 376-414.

Busch, D. and Grant, C. J. (2003), Changing the Face of War – The Cooperative Engagement Capability, United States Navy.

Carr, H. and Charles, A. (1997), The Management of Telecommunications Business Solutions to Business Problems, McGraw-Hill, Chicago, IL.

Galbraith, J.K. (1994), A Journey through Economic Time: A First Hand View, Houghton Mifflin.

Gerber, M. and von Solms, R. (2001), “From Risk Analysis to Security Requirements,” Computers and Security 20(7): 577-584.

Gerber, M., von Solms, R. and Overbeek, P. (2001), “Formalizing Security Requirements,” Information Management and Computer Security 9(1): 32-37.

Irvine, C.E., Levin, T.E., Nguyen, T.D., Shifflett, D.J., Khosalim, J., Clark, P.C., Wong, A., Afinidad, F., Bibighaus, D., and Sears, J. (2004), ‘Overview of a High Assurance Architecture for Distributed Multilevel Security’. IEEE Systems, Man and Cybernetics Information Assurance Workshop, West Point, NY.

Mathews, M.D. (1990). ‘A Conceptual Model for Information Systems Support of Strategic Planning within a Command and Control Environment’. School of Business, Virginia Commonwealth University. Richmond, VA. Unpublished Ph.D. Dissertation.

National Research Council (1991). Computers at Risk, National Academy Press, Washington, DC.

Sutherland, J.W. (1998), “Integrative Systems: Assessing Requirements and Capabilities for Intra- and Inter-Organizational Context,” IEEE Transactions on Systems, Man, and Cybernetics 28(2): 159-182.

Thuraisingham, B. (2005), Database and Applications Security: Integrating Information Security and Data Management, Auerbach Publications.