
A Conceptual Model for Integrative Information Systems Security




Journal of Information Systems Security
Volume 2, Number 1 (2006)
Pages 44-59
ISSN 1551-0123 (Print)
ISSN 1551-0808 (Online)
Alexander D. Korzyk — University of Idaho, USA
John W. Sutherland — Virginia Commonwealth University, USA
Heinz Roland Weistroffer — Virginia Commonwealth University, USA
Information Institute Publishing, Washington DC, USA




These pages offer some suggestions for the design and deployment of integrated information security management systems (ISMS). A key characteristic of such systems is that, while threat-recognition responsibilities may be decentralized, response-related issues, including countermeasure selection and scripting and defensive asset deployments, will generally be resolved centrally. What makes security systems of this sort increasingly interesting is the information-technology fueled trend towards increasingly more strongly centralized (i.e., command-control system oriented) enterprises in the commercial and governmental as well as the military and emergency-services sectors. Of most immediate practical import, it will be suggested here, is that ISMS constructs can be construed to be the natural security-side complements of the broad-purview (ERP-inspired, for example) management support systems that are evolving to serve such enterprises.




Conceptual Model, Integrative, Integrated Systems, Security Model, Security Management



