Edited by Straub (information systems, Georgia State U.), Goodman (international affairs and computing, Georgia Institute of Technology), and Baskerville (information systems, Robinson College of Business), this volume of Advances in Management Information Systems is the first of several to address issues of information security and as such it focuses on matters of policy, strategy, and processes necessary for the establishment of the overall security posture of an organization and leaves discussion of supportive technological and organizational measures for later volumes. Chapters address information technology governance and organizational design for security management, information system risk assessment and documentation, strategic information security risk management, and business continuity planning and the protection of informational assets. They also discuss the extra-organizational security setting for the United States and internationally, as well as emerging research trends.

Richard L. Baskerville is a Professor of Information Systems in the Department of Computer Information Systems, Robinson College of Business, Georgia State University. Seymour (Sy) Goodman is Professor of International Affairs and Computing jointly at the Sam Nunn School of International Affairs and the College of Computing at Georgia Tech, co-Director of the Georgia Tech Information Security Center, and Principal Investigator for the MacArthur Foundation grant supporting the Sam Nunn Security Program. Detmar Straub is the J. Mack Robinson Distinguished Professor of IS at Georgia State University and conducts research in the areas of information security, e-commerce, technological innovation, and international IT.

Series Editor's Introduction Part I. The Terrain of Information Security 1. Framing the Information Security Process in Modem Society Part II. Security Processes for Organizational Information Systems 2. Information Systems Security Strategy: A Process View 3. IT Governance and Organizational Design for Security Management 4. Information System Risk Assessment and Documentation 5. Strategic Information Security Risk Management 6. Security Policy: From Design to Maintenance 7. Business Continuity Planning and the Protection of Informational Assets Part III. Processes for Securing the Extra-Organizational Setting 8. Information Security Policy in the U.S. National Context 9. The International Landscape of Cyber Security Part IV. Forces and Research Leading to Future Information Security Processes 10. Emerging Ubiquitous Computing Technologies and Security Management Strategy 11. Promising Future Research in InfoSec