Information Security Governance Papers

Paper Title: Organizing the Information Security Function

The Abstract of The Paper: In any company, the way Information Security is organized is very important. All Best Practice documents underline this aspect.

Traditionally, and in many cases still today, the Information Security function is seen as an integral part of the IT function, and is usually totally contained in the IT function.

More recent thinking has underlined the fact that such a way of organizing Information Security is an oversimplification, and several newer models are emerging which differ from this traditional view.

Today, it is realized that there must be at least two components to Information Security organization – a component which looks after the day-to-day operational aspects related to it, and a component which is responsible for the compliance monitoring function as introduced in Chapter 7.
This chapter basically follows this last approach. This chapter returns to the aspect of compliance, discussed in Chapter 7, and makes a distinction between Compliance Management and Operational Management of Information Security. Both will be briefly discussed, and then a model will be provided as to how these functions and, therefore, Information Security as a whole can be organized in a company.

However, before that, it is necessary to see what the two driving Best Practice documents introduced earlier say about this aspect.

Web Link: http://www.springerlink.com/content/v1r4n74mx77vxl9p/fulltext.pdf?page=1
