Toward a New Integrated Approach of Information Security Based on Governance, Risk and Compliance

  • Mounia ZaydiEmail author
  • Bouchaib Nassereddine
Conference paper
Part of the Smart Innovation, Systems and Technologies book series (SIST, volume 111)


Nowadays, information system security (ISS) is more than just a technical issue, it becomes a business matter. To deal with it, disciplines such as ISS governance (ISS-Gov), ISS risk management (ISS-Risk) and ISS compliance (ISS-Compliance) have been emerged, nevertheless these domains have been addressed separately, which arises a problem of performance and efficiency. Hence, the necessity of an ISS integrated approach. This paper propose a new integrated approach of information security based on Governance, Risk management and Compliance (ISS-GRC).


ISS process Information system security Risk management Compliance Governance 


  1. 1.
    Mitchell, S.L.: GRC360: A framework to help organisations drive principled performance. Int. J. Discl. Governance 4(4), 279–296 (2007)CrossRefGoogle Scholar
  2. 2.
    Racz, N., Seufert, A., Weippl, E.: A process model for integrated IT governance, risk, and compliance management. In: Proceedings of the Ninth Baltic Conference on Databases and Information Systems (DB&IS 2010), p. 155 (2010)Google Scholar
  3. 3.
    Tapscott, D.: Trust and Competitive Advantage: An Integrated Approach to Governance, Risk & Compliance (2006)Google Scholar
  4. 4.
    PricewaterhouseCoopers: PricewaterhouseCoopers Integrity-Driven Performance PricewaterhouseCoopers International Limited, Germany (2004)Google Scholar
  5. 5.
    Vicente, P., da Silva, M.M.: A conceptual model for integrated governance, risk and compliance. In: Proceedings of the 23rd International Conference on Advanced Information Systems Engineering, p. 199. Springer, Heidelberg (2011)Google Scholar
  6. 6.
    Vunk, M., Mayer, N., Matulevičius, R.: A framework for assessing organisational IT governance, risk and compliance. In: International Conference on Software Process Improvement and Capability Determination, pp. 337–350 (2017)Google Scholar
  7. 7.
    Zaydi, M., Nassereddine, B.: A new comprehensive information system security governance framework a proposition of an information system security risk management unified process (4D-ISS), pp. 1–16 (2018)Google Scholar
  8. 8.
    Ohki, E., Harada, Y., Kawaguchi, S., Shiozaki, T., Kagaua, T.: Information security governance framework. In: Proceedings of the First ACM workshop on Information Security Governance, pp. 1–6 (2009)Google Scholar
  9. 9.
    ISO/IEC 38500:2015: Information technology - governance of IT for the organization. International Organization for Standardization, Geneva (2015)Google Scholar
  10. 10.
    Bloch, L., Wolfhugel, C.: Sécurité informatique: Principes et méthodes à l’usage des DSI, RSSI et administrateurs. Editions Eyrolles, 15 May 2013Google Scholar
  11. 11.
    Lewis, E., Millar, G.: The viable governance model – a theoretical model for the governance of IT. In: Proceedings of the 42nd Hawaii International Conference on System Sciences (2009)Google Scholar
  12. 12.
    Racz, N., Weippl, E., Seufert, A.: A process model for integrated IT governance, risk, and compliance management (2010)Google Scholar
  13. 13.
    Humbert, J.P., Mayer, N.: La gestion des risques pour les systèmes d ’ information. 24, 1–12 (2006)Google Scholar
  14. 14.
    ISO 27005 LOGICAL C. Information technology–Security techniques–Information security management systems–Requirements (2013)Google Scholar
  15. 15.
    Asnar, Y., Massacci, F.: A method for security governance, risk, and compliance (GRC): a goal-process approach. In: LNCS (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 6858, pp. 152–184 (2011)CrossRefGoogle Scholar
  16. 16.
    Rasmussen, M., Kark, K., Penn, J., McClean, C., Bernhardt, S.: Trends 2007: governance risk and compliance: organizations are motivated to formalize a federated GRC process (2007)Google Scholar

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  1. 1.Faculty of Sciences and TechniquesHassan 1st UniversitySettatMorocco

Personalised recommendations