Abstract
This paper presents “Information Security Management – Best Practice Guidelines for Managers”, written by TeleTrusT – IT Security Association Germany – Working Group on Information Security Management (ISM), and aims to make clear that properly understood and integrated enterprise information security minimizes risks, increases transparency and sustainably improves the security of companies. It saves costs and makes it possible to realize cost-saving potentials that would not be recognized without information security management. The main focus of this paper is to achieve management awareness and to deliver answers to the key questions top management faces in matters of ISM, such as:
1. What motivates management to invest in comprehensive information security?
2. How much and what kind of specific information security does a business need?
3. How intact is my ISM organisation today - Quick Check!
4. What is the path to “step by step to success” in ISM?
5. What added benefits and hidden cost-saving potentials are opened up by a holistic information security management system (ISMS)?
6. How useful is software support in information security and IT risk management?
7. When and how will comprehensive information security management be cost-effective (ROI)?
© 2012 Springer Fachmedien Wiesbaden
Cite this chapter
Wüpper, W., Windhorst, I. (2012). Information Security Management – Best Practice Guidelines for Managers. In: Reimer, H., Pohlmann, N., Schneider, W. (eds) ISSE 2012 Securing Electronic Business Processes. Springer Vieweg, Wiesbaden. https://doi.org/10.1007/978-3-658-00333-3_3
DOI: https://doi.org/10.1007/978-3-658-00333-3_3
Publisher Name: Springer Vieweg, Wiesbaden
Print ISBN: 978-3-658-00332-6
Online ISBN: 978-3-658-00333-3