Building a Practical Framework for Enterprise-Wide Security Management

Abstract

This presentation first describes the problem of cybersecurity from a reactive, intruder-based perspective, as we in the security community typically consider it. What becomes clear is that we cannot continue to attempt to solve the security problem solely from this point of view. We will never catch up with, or be able to fully anticipate, new and increasingly sophisticated attack patterns, or even old ones with known solutions that continue to proliferate. We must begin to broaden the solution to encompass an enterprise-wide, proactive, controls- and process-based approach that addresses impact, not just threat and vulnerability. From this broader vantage point, we offer several promising ways to think about the problem and tackle it effectively, based on current work with high-performing organizations. We call this approach Enterprise Security Management.

Document Details

Document Type
Technical Report
Publication Date
Apr 28, 2004
Accession Number
ADA640318

Entities

People

  • Julia H. Allen

Organizations

  • Carnegie Mellon University

Tags

Communities of Interest

  • Cyber

DTIC Thesaurus Topics

  • Business Administration
  • Commerce
  • Community Of Practice
  • Computer Network Security
  • Computers
  • Cyberattacks
  • Cybersecurity
  • Denial Of Service Attack
  • Information Security
  • Information Systems
  • Law
  • Management Personnel
  • Organizational Structure
  • Project Management
  • Security
  • Software Development
  • Systems Engineering

Fields of Study

  • Computer science

Readers

  • Defense Acquisition Program Management
  • Strategic Security Studies
  • Systems Analysis and Design

Technology Areas

  • Cyber