Information security management: The second generation
Information security has moved a long way from the early days when physical security, together with a set of backups, formed the backbone of a company's security controls. Today, information security is all about policies, standards, awareness programs, security strategies, etc. The aim of information security management efforts is to enhance confidence in the effectiveness of the information services within an organization. Unfortunately, this confidence is restricted to the organization itself and can only, with great effort, be passed on to external parties. Today, business partners need to link their computer systems for business reasons, but first want to receive some sort of proof that the other partner has an adequate level of information security in place. A security evaluation and certification scheme that can instill confidence and assurance regarding information security status in external business parties will solve a lot of problems for the commercial world. This approach to information security management, proving adequate information security to external parties, is termed in this paper the Second Generation of Information Security Management.