Information Security: Risk, Governance and Implementation Setback

Cited by: 16
Authors
Fazlida, M. R. [1]
Said, Jamaliah [2]
Affiliations
[1] Univ Teknol MARA, Fac Accountancy, Shah Alam 40450, Malaysia
[2] Univ Teknol MARA, Accounting Res Inst, Shah Alam 40450, Malaysia
Source
7TH INTERNATIONAL CONFERENCE ON FINANCIAL CRIMINOLOGY 2015, 7TH ICFC 2015 | 2015 / Vol. 28
Keywords
Information security; Governance; FRAMEWORK; MODEL;
DOI
10.1016/S2212-5671(15)01106-5
Chinese Library Classification number
F8 [Public finance, Finance];
Discipline classification code
0202 ;
Abstract
The growing emergence of information security threats calls for information security to be integrated into the organization's corporate governance and to be treated by Boards and executive management as being as important as other critical corporate governance areas. This paper provides an overview of information security risk, governance and implementation setbacks. The review shows that Information Security can complement IT Governance (ITG), in terms of assurance on the confidentiality, integrity, and availability of information. Well-known ITG frameworks such as ISO 27001 and COBIT could be used by organizations to help ease Information Security Governance (ISG) implementation. Among the hindrances to ISG implementation are a lack of awareness of the importance of information security by the BOD and stakeholders, unclear policies and staff rejection. (C) 2015 The Authors. Published by Elsevier B.V.
Pages: 243 / 248
Number of pages: 6