Information Security Management: A Case Study in a Portuguese Military Organization

José Martins (Centro de Investigação da Academia Militar (CINAMIL), Academia Militar, Lisboa, Portugal), Henrique dos Santos (Departamento de Sistemas de Informação (DSI), Universidade do Minho, Guimarães, Portugal), António Rosinha (Centro de Investigação da Academia Militar (CINAMIL), Academia Militar, Lisboa, Portugal) and Agostinho Valente (Instituto Geográfico do Exército, Lisboa, Portugal)
Copyright: © 2013 | Pages: 17
DOI: 10.4018/ijcwt.2013070103

Abstract

The authors present a Case Study conducted in a Portuguese military organization, to answer the following research questions: (1) what are the most relevant dimensions and categories of information security controls applied in military organizations? (2) What are the main scenarios of information security incidents that are expected to occur? (3) What is the decision process used for planning and selecting information security controls? This study reveals that: (1) information security within the military organization is built on the basis of physical and human attack vectors, and targeting the infrastructure that supports the flow of information in the organization; (2) the information security controls applied in the military organization are included in ISO/IEC 27001; (3) planning and selection of applied information security controls are made by decision makers and information security specialists. It appears that specialists impose their planning options essentially seeking to select and retrieve past successful information security cases.
Article Preview

Research Plan

Given the numerous military organizations of the Portuguese Army, the first task was defining the criteria for the selection of the military organization, namely:

  1. A level one military organization that possesses critical information to the Portuguese Army (information criterion);

  2. The excellence of the organization’s management model if possible based on processes (governance criterion);

  3. Having a technologically advanced Information System at the level of the Portuguese Army (technology criterion).
