Can We Tune Information Security Management Into Meeting Corporate Governance Needs? (Invited Paper)

  • Louise Yngström
Conference paper
Part of the IFIP International Federation for Information Processing book series (IFIPAICT, volume 193)


This paper intends to stimulate discussion, research and new points-of-action for IS/IT security management from the background of corporate governance, contemporary debates of how to express observable consequences of IT and IT security, and of didactic issues. It is concluded that empirical research within IT security management is rare as compared to theoretical approaches but needed in order to have IS/IT security management on par with general management.

Key words

IS/IT Security Management Corporate Governance Holistic Approach 


  1. 1.
    A Call to Action for Corporate Governance, IIA, AICPA, ISACA, NACD, < (March 2000)Google Scholar
  2. 2.
    Anderson, Ross: Why Cryptosystems Fail, 1st Conf.-Computer and Comm. Security ′93-11/93-VA, USA (1993)Google Scholar
  3. 3.
    Basel II at Scholar
  4. 4.
    Bjorck, Frdrik J. Discovering Information Security Management, upcoming PhD thesis, Department of Computer and Systems Sciences, Stockholm University (2005)Google Scholar
  5. 5.
    Burg, William D., Singleton, Tommie W: Assessing the Value of IT: Understanding and measuring the link between IT and strategy. Information Systems Control Journal 3 (2005) 40–44Google Scholar
  6. 6.
    Carr, Nicholas G.: IT Doesn’t Matter. Harvard Business Review. (May 2003)Google Scholar
  7. 7.
    Eriksson, Kjell: Electronic Highways in Sweden — Experiences from public sector. Safe EDI in the city of Gothenburg. In Yngström, L., (ed): Addendum to Proceedings of the IFIP TC11 eleventh international conference on information security, IFIP/Sec’95, South Africa, 9–12 May (1995) 6–10Google Scholar
  8. 8.
    Grand Challenges 2003 at Scholar
  9. 9.
    Katsikas, S., Gritzalis D. (eds): A Proposal for a postgraduate curriculum in Information Security, Dependability and Safety, European Commission, Erasmus ICP-94(&95)-G-4016/11, Report IS-CD-4a, Athens, (September 1995)Google Scholar
  10. 10.
    Magnusson, Christer: Hedging Shareholder Value in an IT dependent Business Society — the Framework BRITS. PhD thesis, Department of Computer and Systems Sciences, Stockholm University report No 99-015 (1999)Google Scholar
  11. 11.
    Näckros, Kjell: Visualising Security through Computer Games. Investigating Game-Based Instruction in ICT Security: an Experimental Approach. PhD thesis, Department of Computer and Systems Sciences, Stockholm University report No 05-014 (2005)Google Scholar
  12. 12.
    Porter, M.E., What is strategy? Harvard Business Review. 74 (1996) 61–78Google Scholar
  13. 13.
    Sarbanes-Oxley Act at Scholar
  14. 14.
    Sarup Deepak. IT Does Not Matter —Or, Does IT? Has IT moved from a strategic to a purely tactical function? Information Systems Control Journal 3 (2005) 28–31Google Scholar
  15. 15.
    Schultz, E. Eugene: Sabanes-Oxley — a huge boon to information security in the US, Computers & Security. 23 (2004) 353–354CrossRefGoogle Scholar
  16. 16.
    Virtanen, Teemupekka: Changes in the profile of security managers. In Irvine, Cynthia, Armstrong, Helen (eds): Security Education and Critical Infrastructure, IFIP TC11/WG11.8 Third Annual World Conference on Information Security Education (WISE3), June 26–28, Monterey, California, USA, Kluwer Academic Publ, (2003) 41–49Google Scholar
  17. 17.
    Von Solms, Basie, von Solms, Rossow: From information security security? Computers & Security 24 (2005) 271–273CrossRefGoogle Scholar
  18. 18.
    Yngström L A Systemic-Holistic Approach to Academic Programmes in IT Security, PhD thesis, Department of Computer and Systems Sciences, Stockholm University report 96-021(1996)Google Scholar

Copyright information

© International Federation for Information Processing 2005

Authors and Affiliations

  • Louise Yngström
    • 1
  1. 1.Department of Computer and Systems SciencesStockholm University/KTHStockholm

Personalised recommendations