Information security manager as a strategist
Computing and Information Systems
Document TypeMasters Coursework thesis
Access StatusOpen Access
© 2015 Mazino Onibere
The modern organisation operates within a highly complex and sophisticated security threat landscape that exposes its information infrastructure to a range of security risks. This threat landscape includes advanced persistent threat (APT) – attackers are well-trained, organised, well-funded and capable of utilising a range of technologies to inflict damage over a prolonged period of time (Giura & Wang 2012; Ahmad 2010). Unsurprisingly, despite the existence of industry ‘best-practice’ security standards and unprecedented levels of investment in security infrastructure, the rate of incidents continues to escalate. The fundamental premise of this thesis is that the level of sophistication of threat requires organisations to develop novel security strategies that draw on creative and lateral thinking approaches. Such a security campaign requires the security manager to function as a ‘strategist’ by exercising ‘strategic thinking’. A review of security literature found little or no evidence that security managers are able or expected to function as strategists. Therefore this research project aims to identify the specific capabilities required by security managers to become effective strategists. A systematic literature review approach was adopted to determine 1) the existing role of the security manager from security literature, and 2) characteristics of a strategist from the management literature. Findings from a review of these literatures revealed 1) a strategic perspective of Information Security Management is missing, and 2) the management literature identifies a range of characteristics and qualities of a strategist. The latter was coded into the 5 dimensions of the strategist. These 5 dimensions are then discussed in the context of security managers and current strategic challenges facing security management. The result was a set of security capabilities required by security mangers to function as strategists. The thesis outlines implications for further research, including the need to expand the scope of literature review to warfare literature and the need to empirically test the 5 dimensions.
Keywordsinformation security strategy; information security management; information security strategic challenges; information security strategist
- Click on "Export Reference in RIS Format" and choose "open with... Endnote".
- Click on "Export Reference in RIS Format". Login to Refworks, go to References => Import References