Information security management: A hierarchical framework for various approaches

Cited by: 37
Authors
Eloff, MM [1]
von Solms, SH
Affiliations
[1] Technikon Witwatersrand, Sch Informat Technol, Johannesburg, South Africa
[2] Rand Afrikaans Univ, Dept Comp Sci, Johannesburg, South Africa
Keywords
certification; controls; standards; guidelines; code of practice; accreditation; benchmarking; self-assessment; legislation; evaluation criteria
DOI
10.1016/S0167-4048(00)88613-7
Chinese Library Classification (CLC) number
TP [Automation technology, computer technology]
Discipline classification code
0812
Abstract
The present article is aimed at clarifying the oft-times confusing terminology and at elucidating the various approaches obtaining to the realm of Information Security (IS) management. The IS management approaches selected for discussion in this article will specifically address those rudiments and concepts that play a key role in the assessment of the IS status of an organization. Following, a hierarchical framework will be developed in terms of which to elucidate ill-defined terms and concepts. By so doing, issues such as certification, benchmarking, guidelines and codes of practice will come under consideration. IS management approaches widely accepted in the international arena will also be mapped onto the said hierarchical framework.
Pages: 243-256
Number of pages: 14
Related papers
50 in total
  • [1] A FRAMEWORK FOR INFORMATION SECURITY MANAGEMENT
    Angheluta, Dragos-Ionut
    Lupu, Luminita-Mihaela
    [J]. FROM MANAGEMENT OF CRISIS TO MANAGEMENT IN A TIME OF CRISIS, 2016, : 2 - 16
  • [2] A framework for the management of information security
    Leiwo, J
    Zheng, YL
    [J]. INFORMATION SECURITY, 1998, 1396 : 232 - 245
  • [3] A Hierarchical Framework of Security Situation Assessment for Information System
    Jia, Yiyang
    Wu, Haiyan
    Jiang, Dongxing
    [J]. 2015 INTERNATIONAL CONFERENCE ON CYBER-ENABLED DISTRIBUTED COMPUTING AND KNOWLEDGE DISCOVERY, 2015, : 23 - 28
  • [4] A conceptual framework for information security management
    Finne, T
    [J]. COMPUTERS & SECURITY, 1998, 17 (04) : 303 - 307
  • [5] A framework for the management of information security risks
    Jones, A.
    [J]. BT TECHNOLOGY JOURNAL, 2007, 25 (01) : 30 - 36
  • [6] An Integrated Framework for Information Security Management
    Ma, Qingxiong
    Schmidt, Mark B.
    Pearson, J. Michael
    [J]. REVIEW OF BUSINESS, 2009, 30 (01): : 58 - 69
  • [7] A Framework for Information Security Governance and Management
    Carcary, Marian
    Renaud, Karen
    McLaughlin, Stephen
    O'Brien, Conor
    [J]. IT PROFESSIONAL, 2016, 18 (02) : 22 - 30
  • [8] A process framework for information security management
    Haufe, Knut
    Colomo-Palacios, Ricardo
    Dzombeta, Srdan
    Brandis, Knud
    Stantchev, Vladimir
    [J]. IJISPM-INTERNATIONAL JOURNAL OF INFORMATION SYSTEMS AND PROJECT MANAGEMENT, 2016, 4 (04): : 27 - 47
  • [9] An integral framework for information systems security management
    Trcek, D
    [J]. COMPUTERS & SECURITY, 2003, 22 (04) : 337 - 360
  • [10] SIMOnt: A Security Information Management Ontology Framework
    Abulaish, Muhammad
    Nabi, Syed Irfan
    Alghathbar, Khaled
    Chikh, Azeddine
    [J]. SECURE AND TRUST COMPUTING, DATA MANAGEMENT, AND APPLICATIONS, 2011, 186 : 201 - +