Information Security and Information Security Governance
Chapter 1 introduced Corporate Governance and Chapter 2 investigated Information Technology Governance (ITG) and its relationship with Corporate Governance. It was also indicated that Information Security Governance (ISG) is strongly related to ITG.
This chapter now moves to the real emphasis of this book: Information Security and ISG. It will first investigate Information Security as a discipline, and then look at ISG.
Information Security as a Multi-Dimensional Discipline
Best Practice experience in the field of Information Security has made it clear that Information Security is a multi-dimensional discipline, and that its different dimensions span strategic, tactical and operational aspects.
There is no single silver bullet for Information Security – Information Security can only be implemented successfully and effectively in a company if all of its constituting dimensions are implemented in a holistic and comprehensive way.
In this chapter,...
Keywords: Corporate Governance; Information Security; Executive Management; Reference Framework; Information Security Management