Information Security Governance Papers
| Paper Title | Security management, integrity, and internal control in information systems |
|---|---|
| The Abstract of The Paper |
ISO/IEC 17799 is a standard governing information Security Management. Formalised in the 1990s, it has not seen the take up of accrediations that could be expected from looking at accreditaion figures for other standards such as the ISO 9000 series. This paper examines why this may be the case by investigating what has driven the accreditation under the standard in 18 UK companies, representing a fifth of companies accredited at the time of the research. An intial literature review suggestes that adoption could be driven by external pressures, or simply an objective of improving operational performance and competitive performance. It points to the need to investigate the influance of Regulators and Legislators, Competitors, Trading Partners and Internal Stakeholders on the decision to seek accreditation.
An inductive analysis of the reasons behind adoption of accreditation and its subsequent benefits suggests that competitive advantage is the primary driver of adoption for many of the companies we interviewed. We also find that an important driver of adoption is that the standard enabled organisations to access best practice in Information Security Managment thereby facilitating external relationships and communication with internak stakeholders. Contrary to the accepted orthodoxyand what could be expected from the literature, increased regulation and the need to comply with codes of practice are not seen as significant drivers for companies in our sample.A1:E22 |
| Web Link | http://books.google.com.sa/books? id=pmAxAfqe0IIC&pg=PA220&lpg=PA220&dq= Information+Security+Governance+*.PDF&source= bl&ots=2OONUYaE2Q&sig=LteCjsa5tIwNjlg1abNgdiHSZBg&hl=ar&ei= tOKUS72ZHY7KjAeztKD3Cw&sa=X&oi=book_result&ct=result&resnum= 3&ved=0CA0Q6AEwAjge#v=onepage&q= Information%20Security%20Governance%20*.PDF&f=false |