Exploring information security compliance in corporate IT governance

Cited by: 5
Authors
Tarn, J. Michael [1]
Raymond, Heath [2]
Razi, Muhammad [1]
Han, Bernard T. [1]
Affiliations
[1] Western Michigan Univ, Haworth Coll Business, Dept Business Informat Syst, 1903 W Michigan Ave,MS 5412, Kalamazoo, MI 49008 USA
[2] Keane Inc, Grand Rapids, MI USA
Keywords
Information security management; IT governance; security; compliance
DOI
10.3233/HSM-2009-0698
Chinese Library Classification (CLC) number
C93 [Management science]
Discipline classification code
12 ; 1201 ; 1202 ; 120202
Abstract
This article first reviews the major IT governance frameworks and then discusses the case study of a multinational enterprise. A problem and gap analysis employing an information security management systems (ISMS) compliance approach is performed via the establishment and evaluation of the company's statement of applicability (SOA) according to ISO 27001. The article concludes with recommendations for how the company can address the gaps in its ISMS and achieve security compliance in its IT governance.
Pages: 131 / 140
Number of pages: 10