Abstract: Information security is tasked with protecting the confidentiality, integrity, and availability of an organizations information resource. A key aspect in protecting these resources is developing an understanding of the threats, vulnerabilities, and exposures that they face by using Risk Management. The objective of Risk Management is to identify, quantify and manage information security risks to achieve organizations objectives through a number of tasks utilizing key Risk Management techniques. Risk Management is a process that ensures that the impact of threats exploiting vulnerabilities is within acceptable limits and at an acceptable cost. With the increased complexity of modern dynamic networks, traditional defence mechanisms are failing and as a result cyber crime is on the rise [FBI03]. This puts organizations and corporations at risk as the defences are ill-fitted and weak [KBM04]. No information system can be absolutely secure, especially large and complex systems. Embedded security works for isolated, dedicated systems with few users but does not offer cost effective security, and even worse does not always handle security based on a real threat (this is manly due to it inherent inflexibility). A military strategy within the field of information operations suggests a method of information superiority bases on the OODA-loop. This theses propose a method of information security protection based on a combination of risk management techniques and information operation (foremost the OODA-loop). This is in order to ensure a cost effective and a viable future for information security in large and complex systems, where the war at least at present time is lost to the “black hats”, a term often used to describe a menaced hacker.
AT THIS PAGE YOU CAN DOWNLOAD THE WHOLE ESSAY. (follow the link to the next page)