Abstract
This paper intends to stimulate discussion, research and new points of action for IS/IT security management against the background of corporate governance, contemporary debates on how to express the observable consequences of IT and IT security, and didactic issues. It is concluded that empirical research within IT security management is rare compared to theoretical approaches, but is needed in order to put IS/IT security management on par with general management.
Copyright information
© 2005 International Federation for Information Processing
About this paper
Cite this paper
Yngström, L. (2005). Can We Tune Information Security Management Into Meeting Corporate Governance Needs? (Invited Paper). In: Dowland, P., Furnell, S., Thuraisingham, B., Wang, X.S. (eds) Security Management, Integrity, and Internal Control in Information Systems. IICIS 2004. IFIP International Federation for Information Processing, vol 193. Springer, Boston, MA. https://doi.org/10.1007/0-387-31167-X_15
DOI: https://doi.org/10.1007/0-387-31167-X_15
Publisher Name: Springer, Boston, MA
Print ISBN: 978-0-387-29826-9
Online ISBN: 978-0-387-31167-8
eBook Packages: Computer Science, Computer Science (R0)