This academic paper, originally published in 2012, classifies organizational security strategies into nine basic approaches; provides a summary of prior work; and describes a study involving two focus groups in Korea. The authors are three intellectuals from the University of Melbourne, Australia.
Many papers, covering a time period from 1978 to 2011, were surveyed in preparation. The classification and summary is well done--a useful contribution to the body of knowledge on the subject. The discussion of the prior work highlights the practical advantages and limitations of the various strategies. This alone makes it a worthwhile read.
The focus group study had few participants from a fairly narrow range of backgrounds. There are some interesting conclusions from this study, although the method has limitations that are admitted in the paper.
In summary, this paper is recommended reading for security professionals and information technology (IT) managers with the ability to influence the security strategies of their organizations.