To read the full version of this content please select one of the options below:

A utilitarian re-examination of enterprise-scale information security management

Andrew Stewart (Seattle, Washington, USA)

Information and Computer Security

ISSN: 2056-4961

Article publication date: 12 March 2018

270

Abstract

Purpose

An action is utilitarian when it is both useful and practical. This paper aims to examine a number of traditional information security management practices to ascertain their utility. That analysis is performed according to the particular set of challenges and requirements experienced by very large organizations. Examples of such organizations include multinational corporations, the governments of large nations and global investment banks.

Design/methodology/approach

The author performs a gap analysis of a number of security management practices. The examination is focused on the question of whether these practices are both useful and practical when used within very large organizations.

Findings

The author identifies a number of information security management practices that are considered to be “best practice” in the general case but that are suboptimal at the margin represented by very large organizations. A number of alternative management practices are proposed that compensate for the identified weaknesses.

Originality/value

Quoting from the conclusion of the paper: We have seen in our analysis within this paper that some best practices can experience what economists refer to as diminishing marginal utility. As the target organization drifts from the typical use-case the amount of value-added declines and can potentially enter negative territory. We have also examined the degree of innovation in the practice of security management and the extent to which the literature can support practical, real-world activities. In both the areas, we have identified a number of opportunities to perform further work.

Keywords

Citation

Stewart, A. (2018), "A utilitarian re-examination of enterprise-scale information security management", Information and Computer Security, Vol. 26 No. 1, pp. 39-57. https://doi.org/10.1108/ICS-03-2017-0012

Publisher

:

Emerald Publishing Limited

Copyright © 2018, Emerald Publishing Limited

Related articles