Adressing Information Security Vulnerabilities

Complex organizations and systems, an increasing list of vulnerabilities and evolving threats make addressing information security challenging. The media is full of examples where organizations fail basic tasks of providing ``Confidentiality, Integrity and Availability of an Organization's Assets, information, data and IT Services''. This paper discusses possible reasons why organizations fail to handle basic information security vulnerabilities, allowing exploitation by threats and reducing business efficiency and effectiveness in reaching organizational goals. This paper by Andreas Furuseth, Gjermund Vidhammer and Hanne Moen considers three possible sources of addressing vulnerabilities; information technology governance frameworks, necessary knowledge and the grouping of vulnerabilities to be able to see the bigger picture.

Click here to get the file