Balanced integration of information security into business management in Sri Lankan context

Abstract

Abstract Today business are becoming more and more process based. Information is the basic building block of process based business. Organisations have to exchange massive amount of information with stakeholders in realizing the business goals. Business needs information to be highly confidential in some aspects, where as in other aspects availability is the major./ The ultimate goal of information security is to reduce businesses risks associated with information exchange, storage and retrieval for stable functionality of a business. Securing information generated in business activities can not be isolated from the business practices; rather information security approach should be integrated into the management of business processes as an integral concern./ Most of the time information security is carried out by technical experts who try to make sure technical aspects of information security is taken care of Non-technical aspects including human factors should be given due consideration to achieve better level of information security. Purposeful Information Security management needs a proper balance in several integration aspects./ Integration needs of information security and business management in Sri Lankan context are researched using multiple approaches in the thesis. Using the identified benefits and gaps it presents a model as well as recommendations for purposeful security dispatch in a business organization as a balanced, integrated approach with other business management practices.