Information Security Governance Papers

Paper Title: Governance of Information Security: New Paradigm of Security Management
The Abstract of The Paper: Governance refers to the process whereby elements in society wield power and authority, and influence and enact policies and decisions concerning public life, and economic and social development [13]. There are three kinds of governance concept which should be considered in corporate environments: enterprise governance, IT governance, and security governance. The success factors of the governance are summarized: Adequate participation by business management; Clearly defined governance processes; Clarify stakeholders’ roles; Measure the effectiveness of governance; Facilitate the evolution of governance; Clearly articulated goals; Resolution of cultural issues.

The approaches of security management, which manage an organization’s security policy by monitoring and controlling security services and mechanisms, distribute security information, and report security events, are related with the purpose of security governance. However, studies on enterprise governance or IT governance, and security management lack in the provision of detailed framework and functionalities when considering the success factors of the governance described above. For example, BS7799, which is one of the most famous standards of security management in the world, provides general guidance on the wide variety of information security. Nevertheless, it takes the broad-brush approach. Accordingly, BS7799 does not provide definitive or specific materials on any topic of the security management and certainly could be useful as a high-level overview of information security topics that could help senior management to understand the basic issues involved in each of the topic areas.

This chapter provides a structured approach of security governance to corporate executives. Previous studies on the governance and security management are summarized to explain the components and requirements of a governance framework for corporate security. Finally, a governance framework for corporate security, which consists of four domains and two relationship categories, is provided. The domains have several objects respectively.
Web Link: http://www.springerlink.com/content/3860t5314p37225u/fulltext.pdf?page=1
