An evaluation methodology of enterprise security management systems

Sangkyun Kim; Choom Seong Leem; Hong Joo Lee

An evaluation methodology of enterprise security management systems

Sangkyun Kim, Choom Seong Leem, Hong Joo Lee

Department of Industrial Engineering

Research output: Contribution to journal › Article › peer-review

1 Citation (Scopus)

Abstract

Traditional methodologies related with an analysis, assessment or evaluation of enterprise security management systems are risk analysis methods. These consist of sophisticated processes of an asset identification and valuation, vulnerability analysis, threat analysis, and risk calculation which require very long time and heavy resources. The risk analysis approaches lack in showing an analysis result with strategic management viewpoints because these only focus on an analysis of each asset with perspectives of there value and possible loss. This paper provides an integrated approach of the evaluation methodology of enterprise security management systems. It consists of an evaluation process model and evaluation criteria. A case study proves the real value of this methodology. With a process model and evaluation criteria provided in this paper, a security officer could deliver the enterprise-wide security planning status to executive managers without burden of time and resources.

Original language	English
Pages (from-to)	303-312
Number of pages	10
Journal	International Journal of Operations and Quantitative Management
Volume	11
Issue number	4
Publication status	Published - 2005

All Science Journal Classification (ASJC) codes

Business and International Management
Strategy and Management
Management Science and Operations Research
Information Systems and Management
Management of Technology and Innovation

Cite this

@article{16e1a30cde4444bca9c248cfc7213003,

title = "An evaluation methodology of enterprise security management systems",

abstract = "Traditional methodologies related with an analysis, assessment or evaluation of enterprise security management systems are risk analysis methods. These consist of sophisticated processes of an asset identification and valuation, vulnerability analysis, threat analysis, and risk calculation which require very long time and heavy resources. The risk analysis approaches lack in showing an analysis result with strategic management viewpoints because these only focus on an analysis of each asset with perspectives of there value and possible loss. This paper provides an integrated approach of the evaluation methodology of enterprise security management systems. It consists of an evaluation process model and evaluation criteria. A case study proves the real value of this methodology. With a process model and evaluation criteria provided in this paper, a security officer could deliver the enterprise-wide security planning status to executive managers without burden of time and resources.",

author = "Sangkyun Kim and Leem, {Choom Seong} and Lee, {Hong Joo}",

year = "2005",

language = "English",

volume = "11",

pages = "303--312",

journal = "International Journal of Operations and Quantitative Management",

issn = "1082-1910",

publisher = "International Forum of Management Scholars (INFOMS)",

number = "4",

}

TY - JOUR

T1 - An evaluation methodology of enterprise security management systems

AU - Kim, Sangkyun

AU - Leem, Choom Seong

AU - Lee, Hong Joo

PY - 2005

Y1 - 2005

N2 - Traditional methodologies related with an analysis, assessment or evaluation of enterprise security management systems are risk analysis methods. These consist of sophisticated processes of an asset identification and valuation, vulnerability analysis, threat analysis, and risk calculation which require very long time and heavy resources. The risk analysis approaches lack in showing an analysis result with strategic management viewpoints because these only focus on an analysis of each asset with perspectives of there value and possible loss. This paper provides an integrated approach of the evaluation methodology of enterprise security management systems. It consists of an evaluation process model and evaluation criteria. A case study proves the real value of this methodology. With a process model and evaluation criteria provided in this paper, a security officer could deliver the enterprise-wide security planning status to executive managers without burden of time and resources.

AB - Traditional methodologies related with an analysis, assessment or evaluation of enterprise security management systems are risk analysis methods. These consist of sophisticated processes of an asset identification and valuation, vulnerability analysis, threat analysis, and risk calculation which require very long time and heavy resources. The risk analysis approaches lack in showing an analysis result with strategic management viewpoints because these only focus on an analysis of each asset with perspectives of there value and possible loss. This paper provides an integrated approach of the evaluation methodology of enterprise security management systems. It consists of an evaluation process model and evaluation criteria. A case study proves the real value of this methodology. With a process model and evaluation criteria provided in this paper, a security officer could deliver the enterprise-wide security planning status to executive managers without burden of time and resources.

UR - http://www.scopus.com/inward/record.url?scp=34249849253&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=34249849253&partnerID=8YFLogxK

M3 - Article

AN - SCOPUS:34249849253

SN - 1082-1910

VL - 11

SP - 303

EP - 312

JO - International Journal of Operations and Quantitative Management

JF - International Journal of Operations and Quantitative Management

IS - 4

ER -

An evaluation methodology of enterprise security management systems

Abstract

All Science Journal Classification (ASJC) codes

Other files and links

Fingerprint

Cite this