1st Edition

Responsive Security: Be Ready to Be Secure

By Meng-Chow Kang Copyright 2014
260 Pages 33 B/W Illustrations
by CRC Press

259 Pages 33 B/W Illustrations
by CRC Press

Responsive Security: Be Ready to Be Secure explores the challenges, issues, and dilemmas of managing information security risk, and introduces an approach for addressing concerns from both a practitioner and organizational management standpoint. Utilizing a research study generated from nearly a decade of action research and real-time experience, this book introduces the issues and dilemmas...

Introduction
Background and Motivations
Purpose
Questions
Research Methodology
Organization of Subsequent Chapters
Endnotes

Knowledge, Issues, and Dilemmas
Introduction
Information Security
Principles and Approaches
Information Security Risk Management Strategy
Information Security Program
Responding to Change
Current Research and Social Perspectives
Conclusion
Endnotes

Practice, Issues, and Dilemmas
Information Risk Management (IRM) Practices
Social–Technical Approach
Endnotes

Responsive Security
Piezoelectric Metaphor
BETA’s Approach to Emerging Risks and Attacks
Learning from Tsunami Incident
Revealing Uncertainties and Making Risks Visible
Responsive, Reactive, and Proactive Strategies
Criticality Alignment
Testing Responsive Approach at GAMMA
Learning from Antinny Worm Case Study
Refining Responsive Approach
Responsive Learning
Endnotes

Conclusions and Implications
Summary and Results
Conclusions about Each Research Question
Implications for Theory
Implications for Policy and Practice
Suggestions for Further Research
Endnotes

Appendices

References

Index

Biography

Meng-Chow Kang, PhD, earned an MSc in information security from the Royal Holloway and Bedford New College, University of London, and completed his PhD program in information security risk management at the Southern Cross University in Australia. He co-founded the Regional Asia Information Security Exchange (RAISE) Forum (raiseforum.org) that serves as a platform for regional information sharing and contributes to international standards development in ISO and ITU-T. He has been contributing to the development and adoption of international standards relating to information security since 1998, served as the first chair for ISO/IEC JTC 1/SC 27/WG 4 on Security Controls and Services Standards development from 2006 to 2012, and his work has been recognized with numerous industry awards.