Exploring information security compliance in corporate IT governance

Cited by: 5
Authors
Tarn, J. Michael [1]
Raymond, Heath [2]
Razi, Muhammad [1]
Han, Bernard T. [1]
Affiliations
[1] Western Michigan Univ, Haworth Coll Business, Dept Business Informat Syst, 1903 W Michigan Ave,MS 5412, Kalamazoo, MI 49008 USA
[2] Keane Inc, Grand Rapids, MI USA
Keywords
Information security management; IT governance; security; compliance
DOI
10.3233/HSM-2009-0698
Chinese Library Classification (CLC) number
C93 [Management Science]
Discipline classification code
12; 1201; 1202; 120202
Abstract
This article first reviews the major IT governance frameworks and then discusses the case study of a multinational enterprise. A problem and gap analysis employing an information security management systems (ISMS) compliance approach is performed via the establishment and evaluation of the company's statement of applicability (SOA) according to ISO 27001. The article concludes with recommendations for how the company can address the gaps in its ISMS and achieve security compliance in its IT governance.
Pages: 131 - 140
Number of pages: 10
Related papers
50 in total
  • [1] Corporate governance and information security
    von Solms, B
    COMPUTERS & SECURITY, 2001, 20 (03) : 215 - 218
  • [2] Security practices of accounting information and its contribution to the corporate governance compliance requirement
    Solana-Gonzalez, Pedro
    Souza Fontana, Karen Hackbart
    Vanti, Adolfo Alberto
    REVISTA GESTAO & TECNOLOGIA-JOURNAL OF MANAGEMENT AND TECHNOLOGY, 2019, 19 (02): : 149 - 174
  • [3] The role of information security in corporate governance
    Lindup, K
    COMPUTERS & SECURITY, 1996, 15 (06) : 477 - 485
  • [4] Role of information security in corporate governance
    SRI Int, London, United Kingdom
    Comput Secur, 6 (477-485):
  • [5] Information security: A corporate governance issue
    Kritzinger-von Solms, E
    Strous, LAM
    INTEGRITY AND INTERNAL CONTROL IN INFORMATION SYSTEMS V, 2003, 124 : 115 - 133
  • [6] Integrating information security into corporate governance
    Thomson, KL
    von Solms, R
    SECURITY AND PRIVACY IN THE AGE OF UNCERTAINTY, 2003, 122 : 169 - 180
  • [7] Corporate governance and information efficiency in security markets
    Cai, Charlie X.
    Keasey, Kevin
    Short, Helen
    EUROPEAN FINANCIAL MANAGEMENT, 2006, 12 (05) : 763 - 787
  • [8] Information Security Law: The Emerging Standard for Corporate Compliance
    Fitz-Gerald, Stuart James
    Wiggins, Bob
    INTERNATIONAL JOURNAL OF INFORMATION MANAGEMENT, 2010, 30 (01) : 98 - 98
  • [9] Information Security Governance: When Compliance Becomes More Important than Security
    Tan, Terence C. C.
    Ruighaver, Anthonie B.
    Ahmad, Atif
    SECURITY AND PRIVACY - SILVER LININGS IN THE CLOUD, 2010, 330 : 55 - +
  • [10] Corporate governance influencing compliance with the Swedish Code of Corporate Governance
    Tagesson T.
    Collin S.-O.Y.
    International Journal of Disclosure and Governance, 2016, 13 (3) : 262 - 277