Information Security Governance Papers

Paper Title: Information Security Governance Guidance for Board of Directors and Executive Management (2nd Edition)

The Abstract of The Paper: Organisations today face a global revolution in governance that directly affects their information management practices. There is an increased need to focus on the overall value of information protected and delivered—in terms of enabled services. Due to the high-profile organisational failures of the past decade, legislatures, statutory authorities and regulators have created a complex array of new laws and regulations designed to force improvement in organisational governance, security, controls and transparency. Previous and new laws on information retention and privacy, coupled with significant threats of information systems disruptions from hackers, worms, viruses and terrorists, have resulted in a need for a governance approach to information management, protecting the organisation’s most critical assets—its information and reputation.

Information and the systems that handle it are critical to the operation of virtually all organisations. Access to reliable information has become an indispensable component of conducting business; indeed, in a growing number of organisations, information is the business. This increasing dependence on information was apparent more than a decade ago when Peter Drucker stated: "The diffusion of technology and the commodification of information transforms the role of information into a resource equal in importance to the traditionally important resources of land, labor and capital."1 During the intervening years, value escalation of and dependence on information have increased exponentially. There is every indication that this quickening pace will continue unabated into the foreseeable future. Gartner recently estimated that in less than a decade, organisations will typically deal with 30 times more information than they do today.2 With the chaos, glaring vulnerabilities and perpetual crisis-mode activities observed in most information technology operations, that is not a reassuring notion. Organisations continue to witness information-related crime and vandalism becoming the choice of a growing global criminal element. Existing institutions burdened by countless conflicting jurisdictions and inadequate resources have not been successful in reducing the amount or impact of these activities. Therefore, a large portion of the task of protecting critical information resources falls squarely on the shoulders of executives and boards of directors.

Web Link: http://www.isaca.org/ContentManagement/ContentDisplay.cfm?ContentID=34997
