Protecting Our Critical Assets

This book explores and identifies the key issues for implementing and operating an Information Security Management System (ISMS) for Government agencies. The book is based on a mixed method research approach with information security experts; web based surveys of peoples perceptions of risk; and a case study of a NSW public sector agency that has successfully implemented, operates, and been certified to ISO 27001:2005. The research proposes a Critical Success Factors model illustrating the experts perceptions concerning the objectives, resources, threats, and actors for designing, implementing and operating an ISMS. The book then describes the development and application of a new Maturity Model to measure information security in an organisation and partner organisations, coupled with an Information Security Quotient (ISQ) that allows organisations to quantitatively score their information security posture. Finally, a Tactical Security Management framework is proposed that will provide researchers and practitioners, especially Information Security Managers, with guidance and information for the implementation, operation, and certification of their ISMS.