Accession Number : ADA441250


Title : Governing for Enterprise Security


Descriptive Note : Final rept.


Corporate Author : CARNEGIE-MELLON UNIV PITTSBURGH PA SOFTWARE ENGINEERING INST


Personal Author(s) : Allen, Julia


Full Text : http://www.dtic.mil/get-tr-doc/pdf?AD=ADA441250


Report Date : JUN 2005


Pagination or Media Count : 80


Abstract : Governing for enterprise security means viewing adequate security as a non-negotiable requirement of being in business. If an organization's management -- including boards of directors, senior executives, and all managers -- does not establish and reinforce the business need for effective enterprise security, the organization's desired state of security will not be articulated, achieved, or sustained. To achieve a sustainable capability, organizations must make enterprise security the responsibility of leaders at a governance level, not of other organizational roles that lack the authority, accountability, and resources to act and enforce compliance. This technical report examines governance thinking, principles, and approaches and applies them to the subject of enterprise security. Its primary intent is to increase awareness and understanding of the issues, opportunities, and possible approaches related to treating security as a governance concern. In addition, this report identifies resources for enterprise security that leaders can use both within their organizations and with their networked partners, suppliers, and customers.


Descriptors : *MANAGEMENT PLANNING AND CONTROL, *DATA PROCESSING SECURITY, *RISK MANAGEMENT, *ACCOUNTABILITY, *INFORMATION SECURITY, INDUSTRIES, DECISION MAKING, MANAGEMENT PERSONNEL, BEHAVIOR, EXECUTIVES, COMPUTER NETWORKS, ETHICS, STANDARDS, LEADERSHIP, INFORMATION SYSTEMS


Subject Categories : ADMINISTRATION AND MANAGEMENT
      ECONOMICS AND COST ANALYSIS
      COMPUTER SYSTEMS MANAGEMENT AND STANDARDS


Distribution Statement : APPROVED FOR PUBLIC RELEASE