Printed from https://ideas.repec.org/a/eee/ijocip/v2y2009i3p95-109.html

Blind information security strategy

Authors

  • Sveen, Finn Olav
  • Torres, Jose M.
  • Sarriegi, Jose M.

Abstract

How do enterprises relate to and manage information security controls? This paper documents a study of twenty enterprises, six of them in the critical infrastructure (CI) domain. The state of security in the CI enterprises differed little from that in the other enterprises. Information security was seen as a technical problem with technical solutions. However, vulnerabilities in processes and human fallibility create a need for formal and informal controls in addition to technical controls. These three controls are interdependent. They vary widely in implementation time and resource needs, which render the task of building security resources a challenging problem. This paper presents a system dynamics model that illustrates how security controls are interconnected and are interdependent at a high level. The model is intended to aid security managers in CI domains to better understand information security management strategies, especially the complexities involved in managing a socio-technical system where human, organizational and technical factors interact. The model also demonstrates how the knowledge gained from proactive security activities can help managers improve the effectiveness of security controls, risk assessments and incident detection capabilities.

Suggested Citation

  • Sveen, Finn Olav & Torres, Jose M. & Sarriegi, Jose M., 2009. "Blind information security strategy," International Journal of Critical Infrastructure Protection, Elsevier, vol. 2(3), pages 95-109.
  • Handle: RePEc:eee:ijocip:v:2:y:2009:i:3:p:95-109
    DOI: 10.1016/j.ijcip.2009.07.003

    Download full text from publisher

    File URL: http://www.sciencedirect.com/science/article/pii/S1874548209000195
    Download Restriction: Full text for ScienceDirect subscribers only


    References listed on IDEAS

    1. Vennix, Jac A. M. & Andersen, David F. & Richardson, George P. & Rohrbaugh, John, 1992. "Model-building for group decision support: Issues and alternatives in knowledge elicitation," European Journal of Operational Research, Elsevier, vol. 59(1), pages 28-41, May.
    2. Kevin B. Hendricks & Vinod R. Singhal, 1996. "Quality Awards and the Market Value of the Firm: An Empirical Investigation," Management Science, INFORMS, vol. 42(3), pages 415-436, March.
    3. Kevin B. Hendricks & Vinod R. Singhal, 1997. "Does Implementing an Effective TQM Program Actually Improve Operating Performance? Empirical Evidence from Firms That Have Won Quality Awards," Management Science, INFORMS, vol. 43(9), pages 1258-1274, September.
    4. Easton, George S & Jarrell, Sherry L, 1998. "The Effects of Total Quality Management on Corporate Performance: An Empirical Investigation," The Journal of Business, University of Chicago Press, vol. 71(2), pages 253-307, April.

    Citations



    Cited by:

    1. Atif Ahmad & Kevin C. Desouza & Sean B. Maynard & Humza Naseer & Richard L. Baskerville, 2020. "How integration of cyber security management and incident response enables organizational learning," Journal of the Association for Information Science & Technology, Association for Information Science & Technology, vol. 71(8), pages 939-953, August.

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Charles J. Corbett & María J. Montes-Sancho & David A. Kirsch, 2005. "The Financial Impact of ISO 9000 Certification in the United States: An Empirical Analysis," Management Science, INFORMS, vol. 51(7), pages 1046-1059, July.
    2. David I. Levine & Michael W. Toffel, 2010. "Quality Management and Job Quality: How the ISO 9001 Standard for Quality Management Systems Affects Employees and Employers," Management Science, INFORMS, vol. 56(6), pages 978-996, June.
    3. Kevin B. Hendricks & Vinod R. Singhal, 2001. "The Long-Run Stock Price Performance of Firms with Effective TQM Programs," Management Science, INFORMS, vol. 47(3), pages 359-368, March.
    4. Sadikoglu, Esin & Zehir, Cemal, 2010. "Investigating the effects of innovation and employee performance on the relationship between total quality management practices and firm performance: An empirical study of Turkish firms," International Journal of Production Economics, Elsevier, vol. 127(1), pages 13-26, September.
    5. Tari, Juan Jose & Molina, Jose Francisco & Castejon, Juan Luis, 2007. "The relationship between quality management practices and their effects on quality outcomes," European Journal of Operational Research, Elsevier, vol. 183(2), pages 483-501, December.
    6. Joshua G. Rosett & Richard N. Rosett, 1999. "Characteristics of TQM: Evidence from the RIT/USA Today Quality Cup Competition," NBER Working Papers 7241, National Bureau of Economic Research, Inc.
    7. Irina I. Frolova & Emma N. Gilyazeva, 2018. "Foreign Experience of TQM Application in Practice," Journal of New Economy, Ural State University of Economics, vol. 19(2), pages 36-49, April.
    8. Charles J. Corbett & Robert D. Klassen, 2006. "Extending the Horizons: Environmental Excellence as Key to Improving Operations," Manufacturing & Service Operations Management, INFORMS, vol. 8(1), pages 5-22, March.
    9. Lin, Chin-Sen & Su, Chao-Ton, 2013. "The Taiwan national quality award and market value of the firms: An empirical study," International Journal of Production Economics, Elsevier, vol. 144(1), pages 57-67.
    10. Corredor, Pilar & Goñi, Salomé, 2011. "TQM and performance: Is the relationship so obvious?," Journal of Business Research, Elsevier, vol. 64(8), pages 830-838, August.
    11. Nicolau, Juan Luis & Sellers, Ricardo, 2010. "The quality of quality awards: Diminishing information asymmetries in a hotel chain," Journal of Business Research, Elsevier, vol. 63(8), pages 832-839, August.
    12. Ana Kundid Novokmet & Andrijana Rogošić, 2017. "Long-Term Financial Effects of Quality Management System Maturity Based on ISO 9001 Principles," The AMFITEATRU ECONOMIC journal, Academy of Economic Studies - Bucharest, Romania, vol. 19(S11), pages 1003-1003.
    13. David M. Goldberg & Jason K. Deane & Terry R. Rakes & Loren Paul Rees, 2022. "3D Printing Technology and the Market Value of the Firm," Information Systems Frontiers, Springer, vol. 24(4), pages 1379-1392, August.
    14. Nicolau, Juan Luis & Sellers, Ricardo, 2002. "The stock market's reaction to quality certification: Empirical evidence from Spain," European Journal of Operational Research, Elsevier, vol. 142(3), pages 632-641, November.
    15. Edward Conlon & Sarv Devaraj & Khalil F. Matta, 2001. "The Relationship Between Initial Quality Perceptions and Maintenance Behavior: The Case of the Automotive Industry," Management Science, INFORMS, vol. 47(9), pages 1191-1202, September.
    16. Martinez-Costa, Micaela & Martinez-Lorente, Angel R. & Choi, Thomas Y., 2008. "Simultaneous consideration of TQM and ISO 9000 on performance and motivation: An empirical study of Spanish companies," International Journal of Production Economics, Elsevier, vol. 113(1), pages 23-39, May.
    17. McGuire, Stephen J. & Dilts, David M., 2008. "The financial impact of standard stringency: An event study of successive generations of the ISO 9000 standard," International Journal of Production Economics, Elsevier, vol. 113(1), pages 3-22, May.
    18. Muhammad Khuram Khalil & Umaporn Muneenam, 2021. "Total Quality Management Practices and Corporate Green Performance: Does Organizational Culture Matter?," Sustainability, MDPI, vol. 13(19), pages 1-27, October.
    19. Özlem Yaşar Uğurlu & Nurettin İbrahimoğlu & Sibel Ayas, 2013. "A Content Analysis on Management Fashions in Turkish Manufacturing Companies," International Review of Management and Marketing, Econjournals, vol. 3(4), pages 164-183.
    20. Lo, Chris K.Y. & Yeung, Andy C.L. & Cheng, T.C.E., 2009. "ISO 9000 and supply chain efficiency: Empirical evidence on inventory and account receivable days," International Journal of Production Economics, Elsevier, vol. 118(2), pages 367-374, April.
