Information Security and Information Security Governance

  • S.H. von Solms
  • R von Solms


Chapter 1 introduced Corporate Governance and Chapter 2 investigated Information Technology Governance (ITG) and its relationship with Corporate Governance. It was also indicated that Information Security Governance (ISG) is strongly related to ITG.

This chapter now moves to the real emphasis of this book: Information Security and ISG. It will first investigate Information Security as a discipline, and then look at ISG.

Information Security as a Multi-Dimensional Discipline

From Best Practice experience in the field of Information Security, it has become clear that it is a multi-dimensional discipline, and these different dimensions cover the span from strategic through tactical to operational aspects.

There is no single silver bullet for Information Security – this means that Information Security can only be successfully and effectively implemented in a company if all the constituting dimensions are implemented in a holistic and comprehensive way.

In this chapter,...


Corporate Governance Information Security Executive Management Reference Framework Information Security Management 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    Information Security Management and Assurance – A Call to Action for Corporate Governance (1997). Available from Accessed 2 April 2008
  2. 2.
    ISO/IEC 27002 (2005). Information Technology – Security Techniques – Code of Practice for Information Security Management. International Organization for Standardization. Available from
  3. 3.
    COBIT (2005). Control Objectives for Information and Related Technology. Available from ISACA. Available from
  4. 4.
    ISO/IEC 27001 (2005). Information Technology – Security Techniques – Information Security Management Systems – Requirements, International Organization for Standardization. Available from
  5. 5.
    EU Privacy Directive 95/46/EC (1995). Available from Accessed 21 March 2008
  6. 6.
    The Sarbanes-Oxley Act (2002). Available from Accessed 21 March 2008
  7. 7.
    HIPAA (1006). The Health Insurance Portability and Accountability Act. Available from Accessed 21 March 2008
  8. 8.
    Gramm-Leach-Bliley Act (1999). Available from Accessed 21 March 2008
  9. 9.
    Information Security Governance – A Call to Action (2004). National Cyber Security Summit Task Force. Available from Accessed on 2 April 2008

Copyright information

© Springer Science+Business Media, LLC 2009

Authors and Affiliations

  • S.H. von Solms
    • 1
  • R von Solms
    • 2
  1. 1.University of JohannesburgSouth Africa
  2. 2.Nelson Mandela Metropolitan UniversitySouth Africa

Personalised recommendations