Information Security Management: An Approach to Combine Process Certification And Product Evaluation

Information Security Management: An Approach to Combine Process Certification And Product Evaluation

Information Security (IS) is the key to the effective management of any organisation in today’s commercial and industrial sectors. Line managers’ performance, for instance, is rated according to the extent to which their operations conform to the IS policies of their respective organizations. In the...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Veröffentlicht in:Computers & security 2000-01, Vol.19 (8), p.698-709
Hauptverfasser: Eloff, M.M, von Solms, S.H
Format: Artikel
Sprache:eng
Schlagworte:
Accreditation
Benchmarking
Certification
Code of practice
Controls
Cybersecurity
Data integrity
Evaluation criteria
Guideline
Product evaluation
security
Security management
Self-assessment
Studies
Systems evaluation and process certification
Online-Zugang:Volltext
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
container_end_page 709
container_issue 8
container_start_page 698
container_title Computers & security
container_volume 19
creator Eloff, M.M
von Solms, S.H
description Information Security (IS) is the key to the effective management of any organisation in today’s commercial and industrial sectors. Line managers’ performance, for instance, is rated according to the extent to which their operations conform to the IS policies of their respective organizations. In the same way, senior management’s performance is judged by how well the organization performs in terms of internationally accepted codes of IS practice. IS management, however, is not always a quantifiable entity and its evaluation is complicated by the fact that it can be viewed either from an electronic perspective, in which case the focus will fall solely on product and/or systems evaluation, or from a procedural and management perspective, in which case the focus will, instead, fall on the certification of the IS management process. This article will, therefore, be devoted to providing a consolidated approach to the evaluation of IS management, in terms of which full cognisance will be taken of both these perspectives.
doi_str_mv 10.1016/S0167-4048(00)08019-6
format Article
fullrecord <record><control><sourceid>proquest_cross</sourceid><recordid>TN_cdi_proquest_miscellaneous_24079412</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><els_id>S0167404800080196</els_id><sourcerecordid>24079412</sourcerecordid><originalsourceid>FETCH-LOGICAL-c396t-bf1d16e259bb6181953f15697e6f3fbbb105d5187677640480355fe512a937563</originalsourceid><addsrcrecordid>eNqFkcFLHDEYxYO04Fb9Ewqhh1IPo19mNsmMl7IsthUsCtpzyGS-aGQn2SYZwf--mV3pwYs5JPDll8d7eYR8ZnDGgInzu7LJagnL9hvAKbTAukockAVrZV2JGtoPZPEfOSSfUnoCYFK07YIMV96GOOrsgqd3aKbo8gv9rb1-wBF9vqArT1fbbQzaPNIc6DqMvfNIb2MwmBJdY8zOOrNXWPlhvhkmk-nls95Mu_Ex-Wj1JuHJ63lE_vy4vF__qq5vfl6tV9eVaTqRq96ygQmsedf3grWs441lXHQShW1s3_cM-MBLKiGlmLNAw7lFzmrdNZKL5oh83esWu38nTFmNLhncbLTHMCVVL0F2S1a_CzJZlhCsgF_egE9hir6EUDXIpismeIH4HjIxpBTRqm10o44vioGaG1K7htRsWQGoXUNqtvt9_w7Lnzw7jCoZh97g4CKarIbg3lH4B8qelrA</addsrcrecordid><sourcetype>Aggregation Database</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype><pqid>207390485</pqid></control><display><type>article</type><title>Information Security Management: An Approach to Combine Process Certification And Product Evaluation</title><source>ScienceDirect Journals (5 years ago - present)</source><creator>Eloff, M.M ; von Solms, S.H</creator><creatorcontrib>Eloff, M.M ; von Solms, S.H</creatorcontrib><description>Information Security (IS) is the key to the effective management of any organisation in today’s commercial and industrial sectors. Line managers’ performance, for instance, is rated according to the extent to which their operations conform to the IS policies of their respective organizations. In the same way, senior management’s performance is judged by how well the organization performs in terms of internationally accepted codes of IS practice. IS management, however, is not always a quantifiable entity and its evaluation is complicated by the fact that it can be viewed either from an electronic perspective, in which case the focus will fall solely on product and/or systems evaluation, or from a procedural and management perspective, in which case the focus will, instead, fall on the certification of the IS management process. This article will, therefore, be devoted to providing a consolidated approach to the evaluation of IS management, in terms of which full cognisance will be taken of both these perspectives.</description><identifier>ISSN: 0167-4048</identifier><identifier>EISSN: 1872-6208</identifier><identifier>DOI: 10.1016/S0167-4048(00)08019-6</identifier><identifier>CODEN: CPSEDU</identifier><language>eng</language><publisher>Amsterdam: Elsevier Ltd</publisher><subject>Accreditation ; Benchmarking ; Certification ; Code of practice ; Controls ; Cybersecurity ; Data integrity ; Evaluation criteria ; Guideline ; Product evaluation ; security ; Security management ; Self-assessment ; Studies ; Systems evaluation and process certification</subject><ispartof>Computers &amp; security, 2000-01, Vol.19 (8), p.698-709</ispartof><rights>2000 Elsevier Science Ltd</rights><rights>Copyright Elsevier Sequoia S.A. 2000</rights><lds50>peer_reviewed</lds50><woscitedreferencessubscribed>false</woscitedreferencessubscribed><citedby>FETCH-LOGICAL-c396t-bf1d16e259bb6181953f15697e6f3fbbb105d5187677640480355fe512a937563</citedby></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><linktohtml>$$Uhttps://dx.doi.org/10.1016/S0167-4048(00)08019-6$$EHTML$$P50$$Gelsevier$$H</linktohtml><link.rule.ids>314,780,784,3550,27924,27925,45995</link.rule.ids></links><search><creatorcontrib>Eloff, M.M</creatorcontrib><creatorcontrib>von Solms, S.H</creatorcontrib><title>Information Security Management: An Approach to Combine Process Certification And Product Evaluation</title><title>Computers &amp; security</title><description>Information Security (IS) is the key to the effective management of any organisation in today’s commercial and industrial sectors. Line managers’ performance, for instance, is rated according to the extent to which their operations conform to the IS policies of their respective organizations. In the same way, senior management’s performance is judged by how well the organization performs in terms of internationally accepted codes of IS practice. IS management, however, is not always a quantifiable entity and its evaluation is complicated by the fact that it can be viewed either from an electronic perspective, in which case the focus will fall solely on product and/or systems evaluation, or from a procedural and management perspective, in which case the focus will, instead, fall on the certification of the IS management process. This article will, therefore, be devoted to providing a consolidated approach to the evaluation of IS management, in terms of which full cognisance will be taken of both these perspectives.</description><subject>Accreditation</subject><subject>Benchmarking</subject><subject>Certification</subject><subject>Code of practice</subject><subject>Controls</subject><subject>Cybersecurity</subject><subject>Data integrity</subject><subject>Evaluation criteria</subject><subject>Guideline</subject><subject>Product evaluation</subject><subject>security</subject><subject>Security management</subject><subject>Self-assessment</subject><subject>Studies</subject><subject>Systems evaluation and process certification</subject><issn>0167-4048</issn><issn>1872-6208</issn><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>2000</creationdate><recordtype>article</recordtype><recordid>eNqFkcFLHDEYxYO04Fb9Ewqhh1IPo19mNsmMl7IsthUsCtpzyGS-aGQn2SYZwf--mV3pwYs5JPDll8d7eYR8ZnDGgInzu7LJagnL9hvAKbTAukockAVrZV2JGtoPZPEfOSSfUnoCYFK07YIMV96GOOrsgqd3aKbo8gv9rb1-wBF9vqArT1fbbQzaPNIc6DqMvfNIb2MwmBJdY8zOOrNXWPlhvhkmk-nls95Mu_Ex-Wj1JuHJ63lE_vy4vF__qq5vfl6tV9eVaTqRq96ygQmsedf3grWs441lXHQShW1s3_cM-MBLKiGlmLNAw7lFzmrdNZKL5oh83esWu38nTFmNLhncbLTHMCVVL0F2S1a_CzJZlhCsgF_egE9hir6EUDXIpismeIH4HjIxpBTRqm10o44vioGaG1K7htRsWQGoXUNqtvt9_w7Lnzw7jCoZh97g4CKarIbg3lH4B8qelrA</recordid><startdate>20000101</startdate><enddate>20000101</enddate><creator>Eloff, M.M</creator><creator>von Solms, S.H</creator><general>Elsevier Ltd</general><general>Elsevier Sequoia S.A</general><scope>AAYXX</scope><scope>CITATION</scope><scope>7SC</scope><scope>8FD</scope><scope>JQ2</scope><scope>K7.</scope><scope>L7M</scope><scope>L~C</scope><scope>L~D</scope><scope>7U1</scope><scope>7U2</scope><scope>C1K</scope></search><sort><creationdate>20000101</creationdate><title>Information Security Management: An Approach to Combine Process Certification And Product Evaluation</title><author>Eloff, M.M ; von Solms, S.H</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-c396t-bf1d16e259bb6181953f15697e6f3fbbb105d5187677640480355fe512a937563</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>2000</creationdate><topic>Accreditation</topic><topic>Benchmarking</topic><topic>Certification</topic><topic>Code of practice</topic><topic>Controls</topic><topic>Cybersecurity</topic><topic>Data integrity</topic><topic>Evaluation criteria</topic><topic>Guideline</topic><topic>Product evaluation</topic><topic>security</topic><topic>Security management</topic><topic>Self-assessment</topic><topic>Studies</topic><topic>Systems evaluation and process certification</topic><toplevel>peer_reviewed</toplevel><toplevel>online_resources</toplevel><creatorcontrib>Eloff, M.M</creatorcontrib><creatorcontrib>von Solms, S.H</creatorcontrib><collection>CrossRef</collection><collection>Computer and Information Systems Abstracts</collection><collection>Technology Research Database</collection><collection>ProQuest Computer Science Collection</collection><collection>ProQuest Criminal Justice (Alumni)</collection><collection>Advanced Technologies Database with Aerospace</collection><collection>Computer and Information Systems Abstracts – Academic</collection><collection>Computer and Information Systems Abstracts Professional</collection><collection>Risk Abstracts</collection><collection>Safety Science and Risk</collection><collection>Environmental Sciences and Pollution Management</collection><jtitle>Computers &amp; security</jtitle></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext</fulltext></delivery><addata><au>Eloff, M.M</au><au>von Solms, S.H</au><format>journal</format><genre>article</genre><ristype>JOUR</ristype><atitle>Information Security Management: An Approach to Combine Process Certification And Product Evaluation</atitle><jtitle>Computers &amp; security</jtitle><date>2000-01-01</date><risdate>2000</risdate><volume>19</volume><issue>8</issue><spage>698</spage><epage>709</epage><pages>698-709</pages><issn>0167-4048</issn><eissn>1872-6208</eissn><coden>CPSEDU</coden><abstract>Information Security (IS) is the key to the effective management of any organisation in today’s commercial and industrial sectors. Line managers’ performance, for instance, is rated according to the extent to which their operations conform to the IS policies of their respective organizations. In the same way, senior management’s performance is judged by how well the organization performs in terms of internationally accepted codes of IS practice. IS management, however, is not always a quantifiable entity and its evaluation is complicated by the fact that it can be viewed either from an electronic perspective, in which case the focus will fall solely on product and/or systems evaluation, or from a procedural and management perspective, in which case the focus will, instead, fall on the certification of the IS management process. This article will, therefore, be devoted to providing a consolidated approach to the evaluation of IS management, in terms of which full cognisance will be taken of both these perspectives.</abstract><cop>Amsterdam</cop><pub>Elsevier Ltd</pub><doi>10.1016/S0167-4048(00)08019-6</doi><tpages>12</tpages></addata></record>
fulltext fulltext
identifier ISSN: 0167-4048
ispartof Computers & security, 2000-01, Vol.19 (8), p.698-709
issn 0167-4048
1872-6208
language eng
recordid cdi_proquest_miscellaneous_24079412
source ScienceDirect Journals (5 years ago - present)
subjects Accreditation
Benchmarking
Certification
Code of practice
Controls
Cybersecurity
Data integrity
Evaluation criteria
Guideline
Product evaluation
security
Security management
Self-assessment
Studies
Systems evaluation and process certification
title Information Security Management: An Approach to Combine Process Certification And Product Evaluation
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-06T22%3A29%3A03IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_cross&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=Information%20Security%20Management:%20An%20Approach%20to%20Combine%20Process%20Certification%20And%20Product%20Evaluation&rft.jtitle=Computers%20&%20security&rft.au=Eloff,%20M.M&rft.date=2000-01-01&rft.volume=19&rft.issue=8&rft.spage=698&rft.epage=709&rft.pages=698-709&rft.issn=0167-4048&rft.eissn=1872-6208&rft.coden=CPSEDU&rft_id=info:doi/10.1016/S0167-4048(00)08019-6&rft_dat=%3Cproquest_cross%3E24079412%3C/proquest_cross%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=207390485&rft_id=info:pmid/&rft_els_id=S0167404800080196&rfr_iscdi=true