论文信息 - Enterprise Security Governance; A practical guide to implement and control Information Security Governance (ISG)

Enterprise Security Governance; A practical guide to implement and control Information Security Governance (ISG)

Following the advances of Information Technology (IT) Management and Information Security, organizations have felt the need to standardize their activities and, principally, to integrate any technological action with short and long-term business objectives and administrative strategies. Through the interrelationship of corporative and technological governance, with Information Security Governance (ISG), it becomes possible to reach this alignment, contributing to corporative results. The purpose of this paper is to present a framework for implementing Information Security Governance, which considers the integration between strategical objectives and their indicators - Balanced Scorecard (BSC) - with IT business objectives from CobiT, as well as security best practices from ISO/IEC 17799.

G. A. de Oliveira Alves | L.F.R. da Costa Carmo | A.C.R.D. de Almeida

[1] Paul Williams. Information Security Governance , 2001, Inf. Secur. Tech. Rep..

[2] Thomas Peltier,et al. Information Technology: Code of Practice for Information Security Management , 2001 .

[3] Sebastiaan H. von Solms,et al. Information Security Governance - Compliance management vs operational management , 2005, Comput. Secur..

[4] Martin P. Loeb,et al. CSI/FBI Computer Crime and Security Survey , 2004 .

[5] Ken Lindup. The role of information security in corporate governance , 1996, Comput. Secur..

[6] Rossouw von Solms,et al. From information security to ... business security? , 2005, Comput. Secur..

[7] Rossouw von Solms,et al. A framework for the governance of information security , 2004, Comput. Secur..

[8] R. Power. CSI/FBI computer crime and security survey , 2001 .