Information security management: An approach to combine process certification and product evaluation

Information Security (IS) is the key to the effective management of any organisation in today's commercial and industrial sectors. Line managers' performance, for instance, is rated according to the extent to which their operations conform to the IS policies of their respective organizations. In the same way, senior management's performance is judged by how well the organization performs in terms of internationally accepted codes of IS practice. IS management, however, is not always a quantifiable entity and its evaluation is complicated by the fact that it can be viewed either from an electronic perspective, in which case the focus will fall solely on product and/or systems evaluation, or from a procedural rind management perspective, in which care the focus will. instead, fall on the certification of the IS management process. This article will, therefore, be devoted to providing a consolidated approach to the evaluation of IS management. in terms of which full cognisance will be taken of both these perspectives.