Abstract
This paper demonstrates that information security is more than a technical issue, through the development of an information security responsibility framework that also takes strategic and legal issues into account. It is important that information security be viewed as both a governance challenge and a management responsibility. To achieve this, the paper addresses information security governance and the board's participation in directing and controlling security efforts. Furthermore, information security management is addressed in order to demonstrate how information security should be implemented. Once a comprehensive picture of the information security function has been established, the roles of various individuals in terms of information security are discussed and mapped out in the responsibility framework in order to demonstrate the true scope of an organization's information security function.
© 2005 International Federation for Information Processing
Cite this paper
Posthumus, S., von Solms, R. (2005). A Responsibility Framework for Information Security. In: Dowland, P., Furnell, S., Thuraisingham, B., Wang, X.S. (eds) Security Management, Integrity, and Internal Control in Information Systems. IICIS 2004. IFIP International Federation for Information Processing, vol 193. Springer, Boston, MA. https://doi.org/10.1007/0-387-31167-X_13
DOI: https://doi.org/10.1007/0-387-31167-X_13
Publisher Name: Springer, Boston, MA
Print ISBN: 978-0-387-29826-9
Online ISBN: 978-0-387-31167-8