A year affair with security

Laurence Holt
2006 Proceedings of the 3rd annual conference on Information security curriculum development - InfoSecCD '06  
Development of a security program is a complex task but adaptation of standard models and procedures can simplify the task. The challenge is to make the program complex enough that it protects all the areas of risk but simple enough to be comprehensible and acceptable by non-security management and employees. A model for a corporate risk profile and a variant of the McCumber cube are offered. A program methodology of define, control, monitor is explained. These areas are explored in the context
more » ... of a new security manager developing an information security program for a large, global corporation.
doi:10.1145/1231047.1231076 dblp:conf/infoseccd/Holt06 fatcat:3alcwlutjncttozmvkxsobiq3i