Information Security Governance - Compliance management vs operational management

Cited by: 38
Author
von Solms, SH [1]
Affiliation
[1] Univ Johannesburg, Dept Acad Informat Technol, ZA-2006 Johannesburg, South Africa
Keywords
information security; information security management; information technology governance; corporate governance; operational management; compliance management; risk management;
DOI
10.1016/j.cose.2005.07.003
Chinese Library Classification
TP [Automation technology, computer technology];
Discipline classification code
0812;
Abstract
This paper discusses the difference that should exist between Information Security Operational Management and Information Security Compliance Management. The paper argues that for good Information Security Governance, good IT Governance and good Corporate Governance, these two dimensions of Information Security Management should be totally separate, and housed in separate departments. (C) 2005 Elsevier Ltd. All rights reserved.
Pages: 443 / 447
Number of pages: 5
Related papers
50 in total
  • [21] Information security management: An information security retrieval and awareness model for industry
    Kritzinger, E.
    Smith, E.
    [J]. COMPUTERS & SECURITY, 2008, 27 (5-6) : 224 - 231
  • [22] Integrating IT Governance, Risk, and Compliance Management Processes
    Racz, Nicolas
    Weippl, Edgar
    Seufert, Andreas
    [J]. DATABASES AND INFORMATION SYSTEMS VI: SELECTED PAPERS FROM THE NINTH INTERNATIONAL BALTIC CONFERENCE (DB&IS 2010), 2011, 224 : 325 - 338
  • [23] AN EMPIRICAL STUDY INTO INFORMATION SECURITY GOVERNANCE FOCUS AREAS AND THEIR EFFECTS ON RISK MANAGEMENT
    Yaokumah, Winfred
    Brown, Steven
    [J]. 2014 ANNUAL GLOBAL ONLINE CONFERENCE ON INFORMATION AND COMPUTER TECHNOLOGY, 2014, : 42 - 49
  • [24] Patterns for Understanding Control Requirements for Information Systems for Governance, Risk Management, and Compliance (GRC IS)
    Wiesche, Manuel
    Berwing, Carolin
    Schermann, Michael
    Krcmar, Helmut
    [J]. ADVANCED INFORMATION SYSTEMS ENGINEERING WORKSHOPS, 2011, 83 : 208 - +
  • [25] Identifying factors of "organizational information security management"
    Singh, Abhishek Narain
    Gupta, M. P.
    Ojha, Amitabh
    [J]. JOURNAL OF ENTERPRISE INFORMATION MANAGEMENT, 2014, 27 (05) : 644 - +
  • [26] Information Security Management in Academic Institutes of Pakistan
    Rehman, Huma
    Masood, Ashraf
    Cheema, Ahmad Raza
    [J]. 2013 2ND NATIONAL CONFERENCE ON INFORMATION ASSURANCE (NCIA), 2013, : 47 - 51
  • [27] Integrating Information Security into Quality Management Systems
    Stoll, Margareth
    [J]. TECHNOLOGICAL DEVELOPMENTS IN NETWORKING, EDUCATION AND AUTOMATION, 2010, : 455 - 460
  • [28] Applications of Scenarios Assessment to Information Security Management
    Guo, Xi-quan
    Luo, Wei-qi
    Yao, Guo-xiang
    [J]. 2010 INTERNATIONAL COLLOQUIUM ON COMPUTING, COMMUNICATION, CONTROL, AND MANAGEMENT (CCCM2010), VOL I, 2010, : 237 - 240
  • [29] Organisational Information Security Management Maturity Model
    Zammani, Mazlina
    Razali, Rozilawati
    Singh, Dalbir
    [J]. INTERNATIONAL JOURNAL OF ADVANCED COMPUTER SCIENCE AND APPLICATIONS, 2021, 12 (09) : 668 - 678
  • [30] The 10 deadly sins of information security management
    von Solms, B
    von Solms, R
    [J]. COMPUTERS & SECURITY, 2004, 23 (05) : 371 - 376