Information Security Governance Papers

Paper Title: Information Security Governance
Abstract: In any company, information has become the lifeblood of the company. In most such companies, if not all, this information is captured, stored, processed and transmitted using IT systems. These systems are continuously exposed to a wide range of threats, which can result in huge risks, eventually compromising the confidentiality, integrity and availability of such information.

The big challenge today is to ensure that a company’s electronic information is protected against possible risks which can arise against this information. A wide range of legal and regulatory prescriptions make this challenge even greater.

Information Security is the discipline used to ensure such protection, and Information Security Governance is the complete environment existing in a company to ensure this protection.

Information Security Governance involves all stakeholders in a company, from the Chairman of the Board to the youngest departmental secretary. This book introduces the concept of Information Security Governance in a non-technical, but very usable way.

The first 3 chapters position Information Security Governance in relation to Corporate Governance and Information Technology Governance, and clearly identify accountability roles. They clearly indicate that Information Security Governance is an integral part of good Corporate Governance, and that the buck for Information Security Governance stops with the Board of the company. In Chapter 4 a model for Information Security Governance is introduced, based on international best practices. These best practices, COBIT and ISO 27002, and their role in Information Security Governance, are discussed in detail in Chapter 5.

Chapters 6, 7, 8, 9 and 10 discuss each of the components of the model, introduced in Chapter 4, in detail. These components are:
The Information Security Policy Architecture
Compliance and Control in Information Security Governance
Risk Management in Information Security Governance
Organizing the Information Security function in a company
Information Security Awareness.
The last chapter, Chapter 11, provides a methodology, based on the full content of the book, to establish a sound Information Security Governance Program in a company.

This book should be very useful for Board members, Executive Management, Business System Owners, CIOs, IT Managers, Information Security Managers, Risk Managers and everyone involved with information security programs in a company.
Web Link: http://www.springerlink.com/content/r8827l/front-matter.pdf
