Applying information security governance
Corporate governance and accountability are now at the top of government and investor agendas - not just in the US, but throughout Europe and Asia. It may seem like a dry subject, but the reality is that governance failures could mean more than damaged careers, and no chief executive wants to see se...
Published in: | Computers & security 2003-01, Vol.22 (7), p.580-584 |
---|---|
Main authors: | , |
Format: | Article |
Language: | eng |
Subjects: | |
Online access: | Full text |
container_end_page | 584 |
---|---|
container_issue | 7 |
container_start_page | 580 |
container_title | Computers & security |
container_volume | 22 |
creator | Moulton, Rolf ; Coles, Robert S |
description | Corporate governance and accountability are now at the top of government and investor agendas - not just in the US, but throughout Europe and Asia. It may seem like a dry subject, but the reality is that governance failures could mean more than damaged careers, and no chief executive wants to see serious failures on their watch. Information security governance is the establishment and maintenance of the control environment to manage the risks relating to the integrity and availability of information and its supporting processes and systems. Three terms are introduced to help ensure that the focus remains on those issues and risks that are significant to the enterprise as a whole, rather than only to certain processes and operations within an enterprise. They are the enterprise pain threshold, the enterprise risks, and enterprise management. A hypothetical example is used to: 1. identify an enterprise level information risk, 2. assign responsibility for managing that risk, and 3. implement and manage controls. |
doi_str_mv | 10.1016/S0167-4048(03)00705-3 |
format | Article |
fulltext | fulltext |
identifier | ISSN: 0167-4048 |
ispartof | Computers & security, 2003-01, Vol.22 (7), p.580-584 |
issn | 0167-4048 1872-6208 |
language | eng |
recordid | cdi_proquest_miscellaneous_27926868 |
source | Elsevier ScienceDirect Journals |
subjects | Corporate governance ; International ; Network security ; Professional responsibilities ; Security management |
title | Applying information security governance |