Dying of a Hundred Good Symptoms: Why Good Security Can Still Fail - A Literature Review and Analysis
Many organizations suffer serious information security incidents despite having taken positive steps towards achieving good security standards. Security certifications and high levels of maturity may have been obtained, yet fundamental security problems remain. The authors hypothesize that these issues often result from security arrangements not being sufficiently integrated with how the whole organization actually goes about its business. Whether embarking on a new Enterprise Information System (EIS) or refreshing a security strategy, we believe that adopting an enterprise architecture (EA) approach to implementing information security, commonly referred to as an ‘Enterprise Information Security Architecture’ (EISA), will deliver substantial benefits. However, EAs typically require specialist resources to develop and maintain, and this takes time, which makes it difficult for architectures to keep pace with business change. These barriers must be overcome if the EISA is to be effective. Our paper reviews and analyzes the literature concerning the root causes of information security incidents and describes a novel approach for ensuring that the most critical factors are considered when building an EISA framework. We propose 8 domains that must be managed together to ensure that an EISA is successful.
Citation: Loft, P., He, Y., Janicke, H. and Wagner, I. (2019) Dying of a Hundred Good Symptoms: Why Good Security Can Still Fail - A Literature Review and Analysis. Enterprise Information Systems,
ISSN: 1751-7575
Research Institute: Cyber Technology Institute (CTI)
Peer Reviewed: Yes