A Model of Information Assurance Benefits

Abstract: Security concerns are on the increase in all organizations worldwide, and there is a growing number of calls urging senior managers and top executives to take greater interest in information security (Fourie, 2003). These calls are mainly based on the premise that the engagement of senior managers and directors with the information security responsibility is key to achieving good security (ISO, 2000; Thomson and von Solms, 2003). But are these calls being heard? Unfortunately, there is evidence that the issue is not reaching the top layers of organizations, or that it only does so at irregular intervals and on an ad hoc basis (Ezingeard et al., 2004b), with the attention of senior managers for information security centered on incidents, either published in the press or internally identified.

[1] Andrew Rathmell, et al. Engaging the Board: Corporate Governance and Information Assurance, 2004.

[2] A. Hovav, et al. The Impact of Denial-of-Service Attack Announcements on the Market Value of Firms, 2003.

[3] Vernon J. Richardson, et al. Information Transfer among Internet Firms: The Case of Hacker Attacks, 2003, J. Inf. Syst.

[4] Patricia Y. Logan, et al. Teaching Case: Bitten by a Bug: A Case Study in Malware Infection, 2003, J. Inf. Syst. Educ.

[5] Michael E. Whitman. Enemy at the gate: threats to information security, 2003, CACM.

[6] L. Fourie, et al. The management of information security: A South African case study, 2003.

[7] Rossouw von Solms, et al. Integrating Information Security into Corporate Governance, 2003, SEC.

[8] Ashish Garg, et al. Quantifying the financial impact of IT security breaches, 2003, Inf. Manag. Comput. Secur.

[9] Joseph George Boyce, et al. Information Assurance: Managing Organizational IT Security Risks, 2002.

[10] Albert H. Segars, et al. An Empirical Examination of the Concern for Information Privacy Instrument, 2002, Inf. Syst. Res.

[11] Carl E. Landwehr, et al. Computer security, 2001, International Journal of Information Security.

[12] C. Colwill, et al. Information Assurance, 2001.

[13] Philip Stiles, et al. Boards at Work: How Directors View their Roles and Responsibilities, 2001.

[14] Marco Pistoia, et al. Security challenges for Enterprise Java in an e-business environment, 2001, IBM Syst. J.

[15] 日本規格協会 (Japanese Standards Association). Information technology: code of practice for information security management: international standard: ISO/IEC 17799, 2000.

[16] John M. Ward, et al. Information Systems and Technology Application Portfolio Management – an Assessment Or Matrix-Based Analyses, 1988, J. Inf. Technol.