Information security governance: Due care

Bibliographic details
Published in: Computers & security 2006-10, Vol.25 (7), p.494-497
Main authors: von Solms, Rossouw; von Solms, S.H. (Basie)
Format: Article
Language: eng
Description
Summary: Most modern corporate governance guidelines, and also some country laws, make the Board and specifically the CEO responsible for the well-being of the organization. These parties must ensure that critical company assets are identified and that these assets are protected against possible risks that may negatively influence the organization. Information can certainly be regarded as a critical business asset in most organizations today. Therefore, due care needs to be applied in the protection of information resources. Failure to do so can lead to a legal charge of negligence. As best practices can be argued as a very effective approach to apply due care, this paper proposes a self-evaluation exercise (based on best practices) for boards of companies to be used to determine whether due care has indeed been applied.
ISSN: 0167-4048, 1872-6208
DOI: 10.1016/j.cose.2006.08.013