Information Security Governance - Compliance management vs operational management

Cited by: 38
Author
von Solms, SH [1]
Affiliation
[1] Univ Johannesburg, Dept Acad Informat Technol, ZA-2006 Johannesburg, South Africa
Keywords
information security; information security management; information technology governance; corporate governance; operational management; compliance management; risk management
DOI
10.1016/j.cose.2005.07.003
Chinese Library Classification number
TP [Automation technology, computer technology]
Discipline classification code
0812
Abstract
This paper discusses the difference that should exist between Information Security Operational Management and Information Security Compliance Management. The paper argues that for good Information Security Governance, good IT Governance and good Corporate Governance, these two dimensions of Information Security Management should be totally separate, and housed in separate departments. (C) 2005 Elsevier Ltd. All rights reserved.
Pages: 443-447
Number of pages: 5
Related papers
50 in total
  • [1] MAVEN Information Security Governance, Risk Management, and Compliance (GRC): Lessons Learned
    Takamura, Eduardo
    Gomez-Rosa, Carlos
    Mangum, Kevin
    Wasiak, Fran
    2014 IEEE AEROSPACE CONFERENCE, 2014,
  • [2] INFORMATION SECURITY ASPECT OF OPERATIONAL RISK MANAGEMENT
    Zawila-Niedzwiecki, Janusz
    Byczkowski, Maciej
    FOUNDATIONS OF MANAGEMENT, 2009, 1 (02) : 45 - 60
  • [3] A Framework for Information Security Governance and Management
    Carcary, Marian
    Renaud, Karen
    McLaughlin, Stephen
    O'Brien, Conor
    IT PROFESSIONAL, 2016, 18 (02) : 22 - 30
  • [4] Holistic Information Security Management and Compliance Framework
    Grigaliunas, Sarunas
    Schmidt, Michael
    Bruzgiene, Rasa
    Smyrli, Panayiota
    Andreou, Stephanos
    Lopata, Audrius
    ELECTRONICS, 2024, 13 (19)
  • [5] INFORMATION SECURITY OF THE BANK IN THE OPERATIONAL RISK MANAGEMENT SYSTEM
    Bezshtanko, D. V.
    FINANCIAL AND CREDIT ACTIVITY-PROBLEMS OF THEORY AND PRACTICE, 2012, 1 (12):
  • [6] Exploring information security compliance in corporate IT governance
    Tarn, J. Michael
    Raymond, Heath
    Razi, Muhammad
    Han, Bernard T.
    HUMAN SYSTEMS MANAGEMENT, 2009, 28 (03) : 131 - 140
  • [7] IT/IS SECURITY MANAGEMENT WITH UNCERTAIN INFORMATION
    Klimes, Cyril
    Bartos, Jiri
    KYBERNETIKA, 2015, 51 (03) : 408 - 419
  • [8] STANDARDIZATION IN INFORMATION SECURITY MANAGEMENT
    Fal', A. M.
    CYBERNETICS AND SYSTEMS ANALYSIS, 2010, 46 (03) : 512 - 515
  • [9] From information security management to enterprise risk management
    Stoll, Margareth
    Lecture Notes in Electrical Engineering, 2015, 313 : 9 - 16
  • [10] Information Security governance: COBIT or ISO 17799 or both?
    von Solms, B
    COMPUTERS & SECURITY, 2005, 24 (02) : 99 - 104