A framework towards effective control in information security governance

The importance of information in business today has made the need to properly secure this asset evident. Information security has become a responsibility for all managers of an organization. To better support more efficient management of information security (IS), timely IS information should be made available to all managers. This paper discusses an Information Security Reporting System Architecture that aims to improve the visibility and contribute to better management of IS throughout an organization by enabling the provision of summarized, comprehensive IS information to all managers.
