Information security is a management problem, not a technology one. Experience indicates that technology cannot provide all the answers to the problems posed by people in the context of information security management (ISM). Although many different frameworks and guidelines have been proposed by researchers, practitioners, consultants, government and organizations, current information security objectives and practices are inconsistent or misleading to practitioners. Concepts in the field of ISM are largely based on case studies, anecdotal evidence and the prescription of industry leaders ....
Information security is a management problem, not a technology one. Experience indicates that technology cannot provide all the answers to the problem...