Building a Practical Framework for Enterprise-Wide Security Management

Allen, Julia H.

Building a Practical Framework for Enterprise-Wide Security Management

Active / Technical Report | Accession Number: ADA640318 |

Open PDF

Abstract:

This presentation first describes the problem of cybersecurity from a reactiveintruder-based perspective, as we in the security community typically consider it. What becomes clear is that we cannot continue to attempt to solve the security problem solely from this point of view. We will never catch up or be able to fully anticipate new and increasingly sophisticated attack patterns or even old ones with known solutions that continue to proliferate. We must begin to broaden the solution to encompass an enterprise wide, proactive, and controls- and process-based approach that addresses impact, not just threat and vulnerability. From this broader vantage point, we offer several promising ways to think about the problem and tackle it effectively, based on current work with high performing organizations. We call this approach Enterprise Security Management.

Author(s):

Allen, Julia H.

Author Organization(s):

CARNEGIE-MELLON UNIV PITTSBURGH PA SOFTWARE ENGINEERING INST

Descriptive Note:

Annotated briefing charts

Supplementary Note:

Presented at the Secure IT Conference, San Francisco, CA, on 27-30 April 2004. The original document contains color images.

Pagination:

0059

Security Markings

DOCUMENT & CONTEXTUAL SUMMARY

Distribution:

Approved For Public Release

Distribution Statement:

Approved For Public Release; Distribution Is Unlimited.

RECORD

Collection: TR

Identifying Numbers

Monitor Series:

DOD

Subject Terms

Joint Capability Areas:

JCA_8_Building Partnerships; JCA_8.2_Shape; JCA_8.2.4_Leverage Capacities and Capabilities of Security Establishments; JCA_5_Command and Control; JCA_5.3_Planning; JCA_6_Net Centric; JCA_6.4.1_Secure Information Exchange; JCA_6.2.3_Core Enterprise Services; JCA_7_Protection; JCA_6.4.2_Protect Data and Networks; JCA_6.4_Information Assurance; JCA_4.7.2_Installation Services; JCA_4.7_Base and Installations Support; JCA_7.2_Mitigate; JCA_7.2.1_Mitigate Lethal Effects; JCA_5.3.2_Apply Situational Understanding; JCA_1_Force Support; JCA_1.2_Force Preparation; JCA_5.3.3_Develop Strategy; JCA_1.2.3_Educating; JCA_6.2.1_Information Sharing

Modernization Areas:

Cyber

Communities of Interest:

Cyber

Descriptor(s):

*COMPUTER SECURITY, *RISK MANAGEMENT, INFORMATION SYSTEMS

Field(s)/Group(s):

Administration and Management, Information Science, Computer Systems Management and Standards

Keyword(s):

BRIEFING CHARTS, ENTERPRISE SECURITY MANAGEMENT, INFORMATION SURVIVABILITY, SIX SIGMA, CRITICAL SUCCESS FACTORS

Report Date:

2004 Apr 28

Creation Date:

2016 Dec 05