Cybersecurity Considerations for Information Systems

摘要

The significant efficiencies possible through the use of information technology in public systems are alluring, however, as the value of the information stored electronically increases, computer systems become targets for abuse and attack. To ensure continued public confidence in these systems, managers need to understand the impact of security shortcomings in their automated systems. A high level taxonomy of threats to information systems is presented to provide a basis for security requirements. Fundamental concepts of computer security are reviewed. The costs and benefits of investment in cybersecurity will be introduced. The concept of organizational information policy, mechanisms for its enforcement, and the value of assurance and the notion of costs and benefits of investment in cybersecurity are presented.