IS security management framework: A comprehensive life cycle perspective

Managers of all enterprises are facing new challenges as their organizations increasingly rely oil information technology, (IT) for achieving goals and as their IT infrastructure is exposed to new risks. Hackers, viruses, and other threats have become more sophisticated, and newer threats have been introduced. All organizations must react to actual exposure, but should also proactively act to prevent and detect the threats. A comprehensive list of IS security threats is presented. Further, lists of the methods of detection, prevention, and remediation are presented, along with an initial taxonomy of such methods. Finally, a research agenda to explore this important domain in greater detail is presented, along with an initial set of research hypotheses,This research is supported by the Mississippi State University Center for Computer Security, Research, and is funded by the National Security Agency.