Information Security Governance Papers
|
#
|
Paper Title
|
|
1
|
Information Security Governance Guidance for board of Directors and Executive Management (2nd Edition)
|
|
2
|
Information Security Guide For Government Executives
|
|
3
|
Entrust- Secure Digital Identities and Information Security Governance (ISG) An Essential Element of Corporate Governance
|
|
4
|
The Use of Best Practice Standards and Guidelines in Information Security Governance
|
|
5
|
Developing Metrics for Effective Information Security Governance
|
|
6
|
Information Security Governance
|
|
7
|
Characteristics of Effective Security Governance
|
|
8
|
INFORMATION SECURITY GOVERNANCE: A CALL TO ACTION
|
|
9
|
Governance of Information Security: New Paradigm of Security Management
|
|
10
|
INFORMATION SECURITY GOVERNANCE AND INTERNAL AUDITS: A PROCESSUAL MODEL
|
|
11
|
The Building Security In Maturity Model
|
|
12
|
Payment Application Data Security Standard (PA-DSS) V1.2
|
|
13
|
Payment Card Industry (PCI) Data Security Standard
|
|
14
|
Roadmap to an Enterprise Security Program
|
|
15
|
Maturity of Practice
|
|
16
|
Information security: a corporate governance issue
|
|
17
|
Security management, integrity, and internal control in information systems
|
|
18
|
Information Security Governance in Japan
|
|
19
|
E-learning: Incorporating Information Security Governance
|
|
20
|
Information Security Governance: What, How and Why of IS Security
|
|
21
|
Information Security governance: COBIT or ISO 17799 or both
|
|
22
|
ISO/IEC Information & ICT Security and Governance Standards in practice
|
|
23
|
Information Security Governance Science & Engineering, Computers & IT
|
|
24
|
Legal implications of information security governance
|
|
25
|
Achieving Effective Information Security Governance: Challenges and Approaches
|
|
26
|
Cobit and other standards to improve IT Governance
|
|
27
|
Blending Corporate Governance with Information Security
|
|
28
|
A Methodology for Establishing an Information Security Governance Environment
|
|
29
|
A Responsibility Framework for Information Security
|
|
30
|
Information Security Governance - A Re-Definition
|
|
31
|
Information Security Governance
|
|
32
|
Security Engineering in IT Governance for University Information System
|
|
33
|
Security Governance for Enterprise VoIP Communication
|
|
34
|
Enterprise Security Governance; A practical guide to implement and control Information Security Governance (ISG)
|
|
35
|
Information Security Education, Training and Awareness
|
|
36
|
IT Risk Management
|
|
37
|
Organizing the Information Security Function
|
|
38
|
General Drawing of the Integrated Framework for Security Governance
|
|
39
|
Five Non-Technical Pillars of Network Information Security Management
|
|
40
|
large version E-Commerce and Security Governance in Developing Countries
|
|
41
|
Is the Information Security King Naked?
|
|
42
|
Information Security Governance for Executive Management
|
|
43
|
The Direct Part of the Model – An Information Security Policy Architecture
|
|
44
|
e-Governance: Two Views on Legal Environment
|
|
45
|
Access Control in Federated Databases: How Legal Issues Shape Security
|
|
46
|
Anti-corruption Information Systems and e-Government in Transforming Countries. A Point of View
|
|
47
|
In Law We Trust? Trusted Computing and Legal Responsibility for Internet Security
|
|
48
|
Information Security Governance: A model based on the Direct–Control Cycle
|
|
49
|
Information security governance: Due care
|
|
50
|
In a ‘trusting’ environment, everyone is responsible for information security
|
|
51
|
From information security to…business security?
|
|
52
|
A framework and assessment instrument for information security culture
|
|
53
|
Information security management standards: Compliance, governance and risk management
|
|
54
|
Government and industry should recognize that a significant regulatory regime already exists for information security
|
|
55
|
Industry should develop an information security governance framework that organizations can readily adopt
|
|
56
|
Government has already established a significant legislative and regulatory regime around IT security, and is considering additional action
|
|
57
|
Information security is often treated solely as a technology issue, when it should also be treated as a governance issue
|
|
58
|
There is already broad consensus on the actions necessary to remedy the problem
|
|
59
|
Lack of progress is due in part to the absence of a governance framework
|
|
60
|
Interpreting the Framework
|
|
61
|
Consistent with Key Security Practices
|
|
62
|
Analysis of information security efforts
|
|
63
|
INFORMATION SECURITY AS A FUNDAMENTAL GOVERNANCE ISSUE
|
|
64
|
ORGANIZING FOR INFORMATION SECURITY—ESSENTIAL PROGRAM COMPONENTS
|
|
65
|
GOVERNANCE DOCUMENTS UNDER DEVELOPMENT
|
|
66
|
The ISO 17799 and ISO 27001 Standards for Information Security Governance
|
|
67
|
STRATEGIC
|
|
68
|
UNIFIED
|
|
69
|
COMPREHENSIVE
|
|
70
|
CLEAR
|
|
71
|
EVOLUTIONARY
|
|
72
|
SYSTEMATIC
|
|
73
|
SUBSTANTIATED
|
|
74
|
The Benefits Of Using ISO 17799 And 27001
|
|
75
|
Related ISO Standards
|
|
76
|
The Analysts’ Views On ISO 17799 And 27001
|
|
77
|
The Caveats Of Using ISO 17799 And 27001
|
|
78
|
The 2007 U.S. Information Security Benchmark
|
|
79
|
ISO and IEC
|
|
80
|
ISO and IEC form JTC1
|
|
81
|
ISO/IEC/JTC1/SC27
|
|
82
|
CAC/JTC1/SC27 - IT Security Techniques
|
|
83
|
ISO/IEC 27005
|
|
84
|
ISO/IEC 27002
|
|
85
|
ISO/IEC 27001
|
|
86
|
CAC/JTC1/WG6 - Corporate Governance of IT
|
|
87
|
ISO/IEC 27014 Information technology -- Security techniques -- Information security governance framework
|
|
88
|
Where does your organization stand in governing information security risk management, control strategy, and compliance?
|
|
89
|
Information Security Governance: Government Considerations for the Cloud Computing Environment
|
|
90
|
Become users of cloud computing services
|
|
91
|
Exhibit 2 | Private Cloud Illustration Organization’s Private Network Internet Core Network Private Cloud Source
|
|
92
|
Hybrid Clouds Information Security Management and Hybrid CCEs
|
|
93
|
Suitable framework that helps them address risks and ensures their requirements are met
|
|
94
|
Exhibit 5 | Information Security Governance Framework Architect and Establish (Plan)
|
|
95
|
Ensure consistency with the enterprise information Policy Portfolio Management Process security architecture Architect and Establish (Plan) Implement and Operate (Do) Monitor and Review (Check, Act)
|
|
96
|
will need to provide guidance on the minimum Architect and Establish (Plan) Implement and Operate (Do) Monitor and Review (Check, Act) information security and compliance management Management Processes Functional Processes Management
|
|
97
|
Exhibit 6 summarizes the models and their relative and SaaS builds on both IaaS and PaaS, resulting risk
|
|
98
|
Representative CCE-Related Artifacts of the Implementing and Operating the Information Plan Phase Security Program (DO)
|
|
99
|
significantly depending on CCE deployment and the • Clarify roles and responsibilities service models employed. However, other Booz Allen
|
|
100
|
Measure and report on compliance with legal, the cloud consumer); and clearly define accountability regulatory, and contractual requirements; internal for legal liability related to an information security policies; and technical guidelines and standards. breach in the cloud
|
|
101
|
Information Security Governance Structures
|
|
102
|
Measurement and Metrics14
|
|
103
|
Continuous Assessment
|
|
104
|
Configuration Management
|
|
105
|
Network Monitoring
|
|
106
|
Incident and Event Statistics
|
|
107
|
Information Security Governance Challenges and Keys to Success
|
|
108
|
Cost Considerations and Reporting25
|
|
109
|
Security Planning26
|
|
110
|
Security Control Development27
|
|
111
|
Developmental Security Test and Evaluation
|
|
112
|
Security Test and Evaluation
|
|
113
|
Inspection and Acceptance
|
|
114
|
System Integration/ Installation
|
|
115
|
Security Certification28
|
|
116
|
Security Accreditation29
|
|
117
|
Configuration Management and Control30
|
|
118
|
Continuous Monitoring
|
|
119
|
Information Preservation
|
|
120
|
Media Sanitization
|
|
121
|
Hardware and Software Disposal
|
|
122
|
Risk Analysis
|
|
123
|
Control Analysis
|
|
124
|
Impact Analysis
|
|
125
|
Risk Determination
|
|
126
|
Control Recommendations
|
|
127
|
Results Documentation
|
|
128
|
Risk Mitigation
|
|
129
|
Evaluation and Assessment
|
|
130
|
Certification, Accreditation, and Security Assessments
|
|
131
|
Minimum Security Controls
|
|
132
|
Security Services and Products Acquisition
|
|
133
|
Incident Response
|
|
134
|
IT Governance
|
|
135
|
Governance: How to Deal with ICT Security in the Power Infrastructure?
|
|
136
|
Design and Delivery of Undergraduate IT Security Management Course
|
|
137
|
A Study on Feasibility and Establishment of a Security Grade Certification Scheme for the New IT Services
|
|
138
|
Electronic identity management in Sweden: governance of a market approach
|
|
139
|
Exploring the Role of Government in Information Technology Diffusion
|
|
140
|
Modeling and Construction of Web Services Security
|
|
141
|
Balancing Security and Democracy, and the Role of Expertise: Biometrics Politics in the European
|
|
142
|
Information technologies and the tragedy of the Good Will
|
|
143
|
Geoinformatics of Hotspot Detection and Prioritization for Digital Governance
|
|
144
|
Advances in sustainable security systems engineering with Drama Theory (DT) II
|
|
145
|
Trust: An Element of Information Security
|
|
146
|
EMERGENCY SERVICES IN HOMELAND SECURITY
|
|
147
|
Strengthen Cloud Computing Security with Federal Identity Management Using Hierarchical Identity-Based Cryptography
|
|
148
|
A Meta-process for Information Security Risk Management
|
|
149
|
A study on e-Taiwan information system security classification and implementation
|
|
150
|
Facilitating relational governance through service level agreements in IT outsourcing: An application of the commitment–trust theory
|
|
151
|
Security, risk analysis and governance: a practical approach
|
|
152
|
A prototype for assessing information security awareness
|