Information Security Governance: A model based on the Direct-Control Cycle

Cited by: 47
Authors
von Solms, Rossouw [1]
Solms, S. H. Basie von
Affiliations
[1] Nelson Mandela Metropolitan Univ, Dept Informat Technol, Port Elizabeth, South Africa
[2] Univ Johannesburg, Stand Bank Acad Informat Technol, Johannesburg, South Africa
Keywords
governance; corporate governance; information security governance; direct-control cycle; compliance enforcement; management levels
DOI
10.1016/j.cose.2006.07.005
Chinese Library Classification number
TP [Automation technology, computer technology]
Discipline classification code
0812
Abstract
It is generally accepted that Information Security Governance is an integral part of Corporate Governance. It is therefore essential for any company to have a proper Information Security Governance program which reflects this integration with Corporate Governance. One of the core principles of Governance, and specifically Corporate Governance, is the Direct-Control Cycle which, in its simplest form, 'prescribes' and 'checks'. This paper presents an Information Security Governance model based on this cycle. (C) 2006 Elsevier Ltd. All rights reserved.
Pages: 408 / 412
Number of pages: 5