Information Security Governance - Compliance management vs operational management

Cited by: 38
Author
von Solms, SH [1]
Affiliation
[1] Univ Johannesburg, Dept Acad Informat Technol, ZA-2006 Johannesburg, South Africa
Keywords
information security; information security management; information technology governance; corporate governance; operational management; compliance management; risk management;
DOI
10.1016/j.cose.2005.07.003
Chinese Library Classification number
TP [Automation Technology, Computer Technology];
Discipline classification code
0812;
Abstract
This paper discusses the difference that should exist between Information Security Operational Management and Information Security Compliance Management. The paper argues that for good Information Security Governance, good IT Governance and good Corporate Governance, these two dimensions of Information Security Management should be totally separate, and housed in separate departments. (C) 2005 Elsevier Ltd. All rights reserved.
Pages: 443 / 447
Page count: 5
Related papers
50 in total
  • [1] MAVEN Information Security Governance, Risk Management, and Compliance (GRC): Lessons Learned
    Takamura, Eduardo
    Gomez-Rosa, Carlos
    Mangum, Kevin
    Wasiak, Fran
    [J]. 2014 IEEE AEROSPACE CONFERENCE, 2014,
  • [2] A Framework for Information Security Governance and Management
    Carcary, Marian
    Renaud, Karen
    McLaughlin, Stephen
    O'Brien, Conor
    [J]. IT PROFESSIONAL, 2016, 18 (02) : 22 - 30
  • [3] INFORMATION SECURITY ASPECT OF OPERATIONAL RISK MANAGEMENT
    Zawila-Niedzwiecki, Janusz
    Byczkowski, Maciej
    [J]. FOUNDATIONS OF MANAGEMENT, 2009, 1 (02) : 45 - 60
  • [4] Information security governance: A challenge for senior management
    von Solms, R
    [J]. Innovations Through Information Technology, Vols 1 and 2, 2004, : 1130 - 1131
  • [5] Risk management, compliance and governance for resistant information systems
    Schermann, Michael
    Krcmar, Helmut
    [J]. INFORMATIK 2010 - Service Science - Neue Perspektiven fur die Informatik, Beitrage der 40. Jahrestagung der Gesellschaft fur Informatik e.V. (GI), 2010, 2 : 229 - 230
  • [6] INFORMATION SECURITY OF THE BANK IN THE OPERATIONAL RISK MANAGEMENT SYSTEM
    Bezshtanko, D. V.
    [J]. FINANCIAL AND CREDIT ACTIVITY-PROBLEMS OF THEORY AND PRACTICE, 2012, 1 (12):
  • [7] The Operational Role of Security Information and Event Management Systems
    Bhatt, Sandeep
    Manadhata, Pratyusa K.
    Zomlot, Loai
    [J]. IEEE SECURITY & PRIVACY, 2014, 12 (05) : 35 - 41
  • [8] A Novel Approach for Optimizing Governance, Risk management and Compliance for Enterprise Information security using DEMATEL and FoM
    Ramalingam, Dharmalingam
    Arun, Shivasankarappa
    Anbazhagan, Neelamegam
    [J]. 15TH INTERNATIONAL CONFERENCE ON MOBILE SYSTEMS AND PERVASIVE COMPUTING (MOBISPC 2018) / THE 13TH INTERNATIONAL CONFERENCE ON FUTURE NETWORKS AND COMMUNICATIONS (FNC-2018) / AFFILIATED WORKSHOPS, 2018, 134 : 365 - 370
  • [9] Security Requirements Elicitation from Engineering Governance, Risk Management and Compliance
    Ghiran, Ana-Maria
    Buchmann, Robert Andrei
    Osman, Cristina-Claudia
    [J]. REQUIREMENTS ENGINEERING: FOUNDATION FOR SOFTWARE QUALITY (REFSQ 2018), 2018, 10753 : 283 - 289
  • [10] Exploring information security compliance in corporate IT governance
    Tarn, J. Michael
    Raymond, Heath
    Razi, Muhammad
    Han, Bernard T.
    [J]. HUMAN SYSTEMS MANAGEMENT, 2009, 28 (03) : 131 - 140