Institutional-Repository, University of Moratuwa.  

Investment strategy for information security in government sector organizations in Sri Lanka

Show simple item record

dc.contributor.advisor Fernando, Dr.S
dc.contributor.author Palliyaguru, RCA
dc.date.accessioned 2015-01-22T21:14:11Z
dc.date.available 2015-01-22T21:14:11Z
dc.date.issued 2015-01-23
dc.identifier.uri http://dl.lib.mrt.ac.lk/handle/123/10636
dc.description.abstract As most of the government organizations in Sri Lanka are moving towards providing connected on-line services to the citizens, the growing number of defects in information system and illegal invasion is pushing them to invest more on information security. Information security problems are as old as information exchange. But the decisions about the respective defense measures are mostly still taken based on heuristics and experience. There is a lack of general and reliable information security strategy that a government organization could use in order to make such decisions. As a result of that the information security status of government organizations are not at a level where it should be. Therefore it is very important to have a acceptable information security strategy for information security investments in government sector organizations. In general, before spending money on a product or service, decision makers want to know that the investment is financially justified. Information security is no different, it has to make business sense. Typically it is necessary to use very robust analysis techniques to determine how best to spend resources in order to increase revenue and decrease costs or losses. But in the case of information security investments there is a lack of key performance and evaluation metrics to take proper investment decisions. Using a case study approach, series of interviews were conducted with five government organizations in a variety of sectors in order to understand their investment and implementation strategies for information security. Also the general IS awareness of decision-makers and users are evaluated which has a major impact on the investment strategy of any organization. This paper proposes an IS investment strategy by providing strategic approach for each stage in the investment life cycle: Select, Control and Evaluate. en_US
dc.language.iso en en_US
dc.subject COMPUTER SCIENCE AND ENGINEERING-DISSERTATION ; BUSINESS ADMINISTRATION IN INFORMATION TECHNOLOGY-DISSERTATION ; INFORMATION SECURITY ; Government Sector Organizations-Sri Lanka ; Investment Strategy en_US
dc.title Investment strategy for information security in government sector organizations in Sri Lanka en_US
dc.type Thesis-Abstract en_US
dc.identifier.faculty Engineering en_US
dc.identifier.degree MBA en_US
dc.identifier.department Department of Computer Science & Engineering en_US
dc.date.accept 2011
dc.identifier.accno 105030 en_US


Files in this item

This item appears in the following Collection(s)

Show simple item record