Information Security Governance – Compliance management vs operational management

Solms, Sebastiaan H. von

doi:10.1016/j.cose.2005.07.003

Cited by 89 publications

(35 citation statements)

References 1 publication

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Most comprise of auditing, risk management and information security management (von Solms, 2005). Other models view security governance as independent layers within an organisational structure from operational and human resourced based through tactical security controls and risk management to strategic business strategy direction (Business Software Alliance, 2003;Harris, 2006b;Nixu, 2008).…”

Section: A Governance Approachmentioning

confidence: 98%

In a ‘trusting’ environment, everyone is responsible for information security

Williams

2008

Information Security Technical Report

View full text Add to dashboard Cite

Section: A Governance Approachmentioning

confidence: 98%

In a ‘trusting’ environment, everyone is responsible for information security

Williams

2008

Information Security Technical Report

View full text Add to dashboard Cite

“…The first constructor was a review of the literature on current information governance thinking, where it was noted that there exists a discrepancy between the compliance to information governance objectives and the operational management tasks to meet these objectives (von Solms, 2005). This is further confirmed by the interview data concerning the responsibilities and legal requirements of information security.…”

Section: Model Constructionmentioning

confidence: 77%

Information Governance: A Model for Security in Medical Practice

Williams¹

2007

JDFSL

View full text Add to dashboard Cite

Information governance is becoming an important aspect of organisational accountability. In consideration that information is an integral asset of most organisations, the protection of this asset will increasingly rely on organisational capabilities in security. In the medical arena this information is primarily sensitive patient-based information. Previous research has shown that application of security measures is a low priority for primary care medical practice and that awareness of the risks are seriously underestimated. Consequently, information security governance will be a key issue for medical practice in the future. Information security governance is a relatively new term and there is little existing research into how to meet governance requirements. The limited research that exists describes information security governance frameworks at a strategic level. However, since medical practice is already lagging in the implementation of appropriate security, such definition may not be practical although it is obviously desirable. This paper describes an ongoing action research project undertaken in the area of medical information security, and presents a tactical approach model aimed at addressing information security governance and the protection of medical data.

show abstract

“…This is due to the fact that information security governance is accepted as an integral part of Corporate Governance (Von Solms, 2005). Corporate governance relates to the responsibility of the board to effectively direct and control an organization through sound leadership efforts (Donaldson, 2005).…”

Section: Strategic Levelmentioning

confidence: 99%

“…It is essential to measure and enforce compliance (Von Solms, 2005), and both technology and employee behavior should be monitored to ensure compliance with information security policies and to respond effectively and timely to incidents detected (Vroom and Von Solms, 2004). Monitoring of employee behavior could include monitoring the installation of unauthorized software, the use of strong passwords or Internet sites visited.…”

Section: Tactical and Operational Levelmentioning

confidence: 99%

A Framework for the Governance of Information Security in Banking System

Ula¹,

Ismail²,

Sidek³

2011

JIACS

View full text Add to dashboard Cite

As modern banking increasingly relies on the internet and computer technologies to operate their businesses and market interactions, the threats and security breaches are highly increase in recent years. Insider and outsider attacks have caused global businesses lost trillions of Dollars a year. Therefore, that is a need for a proper framework to govern the information security in banking system. This paper highlights the information assets and potential threats for banking system. It further examines and compares the elements from the commonly used information security governance frameworks, standards and best practices. Their strength and weakness are considered in its approaches. This paper further proposes the initial framework for governing the information security in banking system. The framework is categorized into three levels which are strategic level, tactical, operational level, and technical level. This proposed framework will be implemented in real banking environment.

show abstract

Information Security Governance – Compliance management vs operational management

Cited by 89 publications

References 1 publication

In a ‘trusting’ environment, everyone is responsible for information security

In a ‘trusting’ environment, everyone is responsible for information security

Information Governance: A Model for Security in Medical Practice

A Framework for the Governance of Information Security in Banking System

Contact Info

Product

Resources

About