Information Security Architecture: An Integrated Approach to Security in the Organization
SEC '02 Proceedings of the IFIP TC11 17th International Conference on Information Security: Visions and Perspectives
An audit framework to support information system security management
International Journal of Electronic Security and Digital Forensics
Privacy is a process, not a PET: a theory for effective privacy practice
Proceedings of the 2012 workshop on New security paradigms
Governing Information Security: Governance Domains and Decision Rights Allocation Patterns
Information Resources Management Journal
International Journal of Strategic Information Technology and Applications
Internal control framework for a compliant ERP system
Information and Management
Perceived information security of internal users in Indian IT services industry
Information Technology and Management
Information security culture develops in an organization due to certain actions taken by the organization. Management implements information security components, such as policies and technical security measures, with which employees interact and which they include in their working procedures. Employees develop certain perceptions and exhibit behavior, such as the reporting of security incidents or sharing of passwords, which could either contribute to or be a threat to the securing of information assets. To inculcate an acceptable level of information security culture, the organization must govern information security effectively by implementing all the required information security components. This article evaluates four approaches towards information security governance frameworks in order to arrive at a complete list of information security components. The information security components are used to compile a new comprehensive Information Security Governance framework. The proposed governance framework can be used by organizations to ensure they are governing information security from a holistic perspective, thereby minimising risk and cultivating an acceptable level of information security culture.