The anatomy of an information security management system

This thesis explores the different types of information security management decision making that take place within an organisation. It identifies how the construction of an information security management system (ISMS) alters in order to respond to different organisational variations, identifies the resource implications of making these alterations, and describes how the process of embedding an ISMS into the operational fabric of an organisation changes the way in which information security is managed. This thesis responds to the following "real world" problem: quantifying the type of resource needed to develop and maintain an ISMS is difficult because little is known about how ISMS are structured and how they respond to organisational variations. Documentation only considers ISMS in terms of its response to information security risk. As a result, not only is it difficult to quantify the resource required to manage information security, but it is also difficult to measure and compare the effectiveness of ISMS. This real world problem is paralleled by the following academic problem: ISMS theory is largely based on the views of practitioners and has not been augmented by systematic objective organisational research. In addition, existing information security management research shows that there are clear synergies with organisational sociology, organisation theory and cybernetics but these synergies have not been extensively reviewed. As a result, there is no specific academic platform from which to develop a theory of ISMS design. In response to these real-world and academic problems, this research contributes to the development of organisation theory relevant to information security management and is based on systematic organisational investigation. As a conclusion to this research, a theory of ISMS design is developed that has synergy with theories of organisational sociology, organisation theory and cybernetics but that also shows clear characteristics of its own.

Identifier: oai:union.ndltd.org:bl.uk/oai:ethos.bl.uk:544150
Date: January 2008
Creators: Coles-Kemp, Elizabeth
Publisher: King's College London (University of London)
Source Sets: Ethos UK
Detected Language: English
Type: Electronic Thesis or Dissertation
Source: https://kclpure.kcl.ac.uk/portal/en/theses/the-anatomy-of-an-information-security-management-system(08ef0714-a5aa-4b6e-b322-8a174da6a2b9).html