Information Security Management – Best Practice Guidelines for Managers

Wüpper, Werner; Windhorst, Iryna

doi:10.1007/978-3-658-00333-3_3

Werner Wüpper⁴ &
Iryna Windhorst⁵

1331 Accesses
1 Citations

Abstract

This paper presents “Information Security Management – Best Practice Guidelines for Managers” writen by TeleTrusT – IT Security Association Germany – Working Group on Information Security Management (ISM) and aims to make clear, that properly understood and integrated enterprise information security minimizes risks, increases transparency and improves sustainably the security of the companies. It saves costs and enables to realize cost saving potentials, that would not be recognized without the information security management. The main focus of this paper is to achieve management awareness and to deliver answers to the key questions for top management in matters of ISM, like:

1.
What motivates the management to invest in comprehensive information security?
2.
How much and what kind of specific information security needs a business?
3.
How intact is my ISM orgaoisation today - Quick Check!
4.
What is the path to “step by step to success” in ISM!
5.
What are the added benefits and hidden cost saving potentials opened up by a holistic information security manageroent system (ISMS)!
6.
How useful is software support in information security and IT risk management?
7.
When and how comprehensive infonnation security management will be cost-effective (ROI)?

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 39.99; Price excludes VAT (USA)

Softcover Book: USD 54.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Literature

A.T. Kearney press release “Large companies ignore the risks posed by hackers and industrial spies”
Google Scholar
The 2012 Global State of Information Security Survey® by PwC, CIO Magazine and CSO Magazine
Google Scholar
Racz, Nicolas; Weippl, Edgar; Seufert, Andreas: A Frame of Reference for Research of Integrated Governance, Risk and Compliance (GRC). In: De Decker, Bart (Hrsg.); SchaumüllerBichl, Ingrid (Hrsg.): Communications and Multimedia Security Bd. 6109. Springer Berlin/ Heidelberg, 2010.
Google Scholar
ISACA: COBIT Framework for IT Governance and Control. http://www.isaca.org/Knowledge-Center/COBIT/Pages/Overview.aspx.
BITKOM; DIN: Kompass der IT-Sicherheitsstandards Leitfaden und Nachschlagewerk, 4. Auflage. August 2009
Google Scholar
Müller, Klaus-Rainer: IT-Sicherheit mit System. 4. Auflage. Vieweg + Teubner, 2011.
Google Scholar
Grünendahl, Ralf-T.; Steinbacher, Andreas F.; Will, Peter H. L.: COBIT und BSI als Leitschnur der IT-Sicherheit. In: Das IT-Gesetz: Compliance in der IT-Sicherheit. Vieweg + Teubner, 2009.
Google Scholar
[8] Goltsche, Wolfgang: COBIT kompakt und verständlich. Vieweg, 2006.
Google Scholar
Falk, Michael: Ableitung des Control-Frameworks für IT-Compliance. Gabler, 2012.
Google Scholar
DIN ISO/IEC: Informationstechnik – IT-Sicherheitsverfahren – Informationssicherheits-Managementsysteme – Anforderungen DIN ISO/IEC 27001. – Entwurf Februar 2007.
Google Scholar
Bundesamt für Sicherheit in der Informationstechnik: BSI-Standard 1001 Managementsysteme für Informationssicherheit Version 1.5., 2008.
Google Scholar
Humphreys, Edward: Information Security Management System Standards. In: Datenschutz und Datensicherheit 1, 2011.
Google Scholar
Kilian, Detlef: Einführung in Informationssicherheitsmanagementsysteme (I): Begriffsbestimmung und Standards. In: IT-Sicherheit & Datenschutz 10, 2006.
Google Scholar
Kilian, Detlef: Einführung in Informationsmanagementsysteme (II): BSI-Standards und Vergleich. In: IT-Sicherheit & Datenschutz 1, 2007.
Google Scholar
Kilian, Detlef: Einführung in Informationsmanagementsysteme (III): Praktische Umsetzung von Informationssicherheitsstandards. In: IT-Sicherheit & Datenschutz 3, 2007.
Google Scholar
Benedikt Pirzer: Analysis and evaluation of the effectiveness and efficiency of Information Security Management Systems, Mai 2012, http://www.sec.in.tum.de/finished-work/publication/231
Rumpel, Rainer, Glanze, Richard: Verfahren zur Wirtschaftlichkeitsanalyse von IT-Sicherheitsinvestitionen, http://www.e-journal-of-pbr.info/downloads/wirtschaftlichkeititsecurityrumpelglanze.pdf
PONEMON INSTITUTE: The True Cost of Compliance Benchmark Study of Multinational Organizations. http://www.tripwire.com/ponemon-cost-of-compliance/. Version: Januar 2011.

Download references

Author information

Authors and Affiliations

WMC GmbH, Hamburg, Germany
Werner Wüpper
Fraunhofer AISEC, München, Germany
Iryna Windhorst

Authors

Werner Wüpper
View author publications
You can also search for this author in PubMed Google Scholar
Iryna Windhorst
View author publications
You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Werner Wüpper .

Editor information

Editors and Affiliations

DuD Datenschutz und Datensicherung, TeleTrust Deutschland e.V., Eichendorffstr. 16, Erfurt, 99096, Thüringen, Germany
Helmut Reimer
Bornhoefferstr. 40a, Aachen, 52078, Germany
Norbert Pohlmann
Abraham-Lincoln-Str. 46, Wiesbaden, 65189, Germany
Wolfgang Schneider

Rights and permissions

Reprints and permissions

Copyright information

About this chapter

Cite this chapter

Wüpper, W., Windhorst, I. (2012). Information Security Management – Best Practice Guidelines for Managers. In: Reimer, H., Pohlmann, N., Schneider, W. (eds) ISSE 2012 Securing Electronic Business Processes. Springer Vieweg, Wiesbaden. https://doi.org/10.1007/978-3-658-00333-3_3

Download citation

DOI: https://doi.org/10.1007/978-3-658-00333-3_3
Published: 11 December 2012
Publisher Name: Springer Vieweg, Wiesbaden
Print ISBN: 978-3-658-00332-6
Online ISBN: 978-3-658-00333-3
eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics