Information Security Governance Papers
| Paper Title | A Methodology for Establishing an Information Security Governance Environment |
|---|---|
| The Abstract of The Paper |
The previous chapters examined some of the major components of our Information
Security Governance Model. There should now be a good understanding
of the different dimensions (components) discussed in these chapters.
The question now is:
How do we put it all together, i.e., how do we go about establishing an environment based on the content of this book? This chapter will provide a high-level methodology on how to establish an ISG environment. The methodology will consist of a number of setup steps followed by a continuous cycle, which can be followed to get such an environment operational. Our methodology will assume that no such environment exists at all, and that everything must be started from scratch. That is, of course, unrealistic. In most cases, some type of Information Security management environment will already exist, and we should re-use as much as possible to prevent wasting unnecessary time and money. Therefore, the present situation must be compared with the steps provided in the methodology, and must be synchronized and integrated where possible. There are 14 steps included in the methodology, but that can be refined as needed. The first nine are setup steps, while the last five form a continuous cycle. |
| Web Link | http://www.springerlink.com/content/r7134rp0174222vl/?p=c2a1e91eb5fb4b6f97976897ae9c2390&pi=1 |