CitationDownload as .RIS
Emerald Group Publishing Limited
Copyright © 2006, Emerald Group Publishing Limited
Awards for excellence
The Donn B. Parker Award
This award is named after Donn B. Parker, who, in the early 1970s, through his research and many publications introduced business management to the concept of computer security. His coining of the term “computer abuse” helped to draw attention to this important business function. Donn Parker is now heavily involved in the International Information Integrity Institute, the so-called I4 Research group at SRI International.
Information Management & Computer Security
"E-enterprise security management life cycle"
Stephen C. ShihSouthern Illinois University, Carbondale, Illinois, USA
H. Joseph WenSoutheast Missouri State University, Cape Girardeau, Missouri, USA
Purpose – One of the purposes of this paper is to discuss special security concerns and new challenges at front-end e-business and back-end supply chain operations. An e-enterprise security management life cycle (eSMLC) is then proposed to ensure the unification and congruity of e- enterprise security management. Design/methodology/approach – To demonstrate the practicality of the eSMLC, a case study is presented to depict the application and implementation of the methodology at a leading US heating, ventilating, and air-conditioning manufacturing company.Findings – The case study substantiates that the eSMLC methodology can be employed as a unified mechanism to provide central, cohesive control and global visibility. It helps security professionals in the company develop practical steps and sustainable solutions for tackling the unique security challenges arising in an open, unbounded e-enterprise environment.Practical implications – Implementing eSMLC can help the security specialists focus on different critical security management jobs in a sequential but interrelated and logical manner. Through the use of eSMLC, in-depth understanding of the potential environmental risks can be properly acquired. The methodology also helps managers perform a proactive analysis of the consequences of security breaches in relation to risks. Originality/value – The proposed eSMLC methodology provides a viable foundation for building a secure and manageable computing environment using a recommended set of solutions, processes, procedures, and technologies. eSMLC methodology renders a unified, structured framework which helps develop an actual security plan and solutions and/or improve currently used security standards, practices, and configurations in response to special security requirements and long-term e-business needs.This article originally appeared in Volume 13 Number 2, 2005, pp. 121-34, of Information Management & Computer Security, Editor: Donn B. Parker
Highly commended papersInformation Management & Computer Security“An automated framework for managing security vulnerabilities”A. Al-Ayed, S.M. Furnell, D. Zhao and P.S. DowlandUniversity of Plymouth, UKVol. 13 No. 2, 2005
“Dynamic content attacks on digital signatures”Adil Alsaid and Chris J. MitchellRoyal Holloway, University of London, UKVol. 13 No. 4, 2005
“Intelligent authentication, authorization, and administration”Dan EigelesKiryat Ata, IsraelVol. 13 No. 5, 2005