Torsten Kriedt

Achieving Business Value in Information Security Torsten Kriedt

Diplomarbeit, die am 20.12.2001 erfolgreich an einer Fachhochschule in Deutschland eingereicht wurde. Abstract: The beginning of the 21st century with the fear of the "Year 2000"-threat (Y2K) became a milestone for the "Information Age", a term coined for the post-industrial stage of leading countries "[?] when information and information technologies become the main strategic national resource which results in an avalanche growth of information dependence in all spheres of society and state activities.?. In organisations the awareness of the dependence on information has led to corporate initiatives to treat information as an asset, which includes various efforts for its protection. Management trends such as "knowledge management" have identified "knowledge sharing" as a new means for achieving competitive advantage, thus promoting information to be disseminated. Due to an ever closer relationship with customers, suppliers and even competitors, organisations have expanded their "information network" outside of the original boundaries. The dualism of protection of information assets on the one hand and a free flow of information has been identified to become a challenge for organisations, described as "[?] how to satisfy this need to share information without exposing the organization to undue risk.?. With the information society implying radical changes, the need to act has been accelerated by a new mindset reacting to the advent of "e-business". Information Security (InfoSec) is often mistaken to be a purely technical issue, handled by information system (IS) departments and used as a synonym for firewall, access controls, and encryption of e-mails. However, because of the risks involved for an organisation - including legal liabilities, loss of trust and severe financial damage - InfoSec needs to be a top management issue. Then again, although paying lip-service to treating information as an asset, top-manageme