International information security management guidelines play a key role in managing and certifying organizational IS. We analyzed BS7799, BS ISO/IEC17799: 2000, GASPP/GAISP, and the SSE-CMM to determine and compare how these guidelines are validated, and how widely they can be applied. First, we found that BS7799, BS ISO/IEC17799: 2000, GASPP/GAISP and the SSE-CMM were generic or universal in scope; consequently they do not pay enough attention to the differences between organizations and the fact that their security requirements are different. Second, we noted that these guidelines were validated by appeal to common practice and authority and that this was not a sound basis for important international information security guidelines. To address these shortcomings, we believe that information security management guidelines should be seen as a library of material on information security management for practitioners.