Applying information security governance

Bibliographic details
Published in: Computers & security 2003-01, Vol.22 (7), p.580-584
Main authors: Moulton, Rolf, Coles, Robert S
Format: Article
Language: eng
Description
Summary: Corporate governance and accountability are now at the top of government and investor agendas - not just in the US, but throughout Europe and Asia. It may seem like a dry subject, but the reality is that governance failures could mean more than damaged careers, and no chief executive wants to see serious failures on their watch. Information security governance is the establishment and maintenance of the control environment to manage the risks relating to the integrity and availability of information and its supporting processes and systems. Three terms are introduced to help ensure that the focus remains on those issues and risks that are significant to the enterprise as a whole, rather than only to certain processes and operations within an enterprise. They are the enterprise pain threshold, the enterprise risks, and enterprise management. A hypothetical example is used to: 1. identify an enterprise level information risk, 2. assign responsibility for managing that risk, and 3. implement and manage controls.
ISSN: 0167-4048, 1872-6208
DOI: 10.1016/S0167-4048(03)00705-3