It’s all Greek to me: Aligning Business, Information Technology, and Information Security
- Business, technology, and security all speak different languages.
- Business models, technology models, security models
- All have common ideas (systems concepts) but all have different goals and objectives
- We need to ground our discussions in common frameworks lest we talk past one another.
- NIST Terminology that may give trouble
- Asset Management
- Business environment
- Risk Assessment
- Risk Management Strategy
- Communications (used twice in two different contexts)
- Improvements (used twice in two different contexts)
- Common theoretical grounding?
- When talking with these different parties, we should also recognize that security capabilities differ between organizations based not only on industry and markets but also on organizational size.
- What we’ve done – created a survey that will validate security ideas in a business context – this will verify that we have commonalities that can be expressed to
- How did we create the survey? We coded 23 security articles by the same practitioner to identify specific ideas from those articles. We then grouped those ideas into commonly accepted business constructs. We are surveying security practitioners to confirm that the constructs are not only acknowledged as valid
Herbert Gomez*, Dr. Delmer Nagy, Dr. Joseph Schuessler, and Mr. Art Dearing