Abstract
Information is an important asset of any organisation, and the protection of this asset through information security is equally important. This paper examines the relationship between corporate governance and information security, and the fact that top management is responsible for high-quality information security.
The original version of this chapter was revised: The copyright line was incorrect. This has been corrected. The Erratum to this chapter is available at DOI: 10.1007/978-0-387-35691-4_52
© 2003 IFIP International Federation for Information Processing
Cite this paper
Thomson, KL., von Solms, R. (2003). Integrating Information Security into Corporate Governance. In: Gritzalis, D., De Capitani di Vimercati, S., Samarati, P., Katsikas, S. (eds) Security and Privacy in the Age of Uncertainty. SEC 2003. IFIP — The International Federation for Information Processing, vol 122. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-35691-4_15
DOI: https://doi.org/10.1007/978-0-387-35691-4_15
Publisher Name: Springer, Boston, MA
Print ISBN: 978-1-4757-6489-5
Online ISBN: 978-0-387-35691-4
eBook Packages: Springer Book Archive