Information security management standards: Problems and solutions

Authors:
Mikko Siponen;Robert Willison
Affiliations:
University of Oulu, IS Security Research Center and Department of Information Processing Science, Linnanmaa, P.O. Box 3000, FIN-90014, Finland;Copenhagen Business School, Howitzvej 60, DK-2000 Frederiksberg, Denmark
Venue:
Information and Management
Year:
2009

Citing 6
Cited 13

Discovering and disciplining computer abuse in organizations: a field study

MIS Quarterly
Risk analysis as a source of professional knowledge

Computers and Security
Information systems security design methods: implications for information systems development

ACM Computing Surveys (CSUR)
Software quality and the Capability Maturity Model

Communications of the ACM
Information security standards focus on the existence of process, not its content

Communications of the ACM - Music information retrieval
Circuits of power in creating de jure standards: shaping an international information systems security standard

MIS Quarterly

Falling in love with online games: The uses and gratifications perspective

Computers in Human Behavior
Information security management: An entangled research challenge

Information Security Tech. Report
Threats analysis for e-learning

International Journal of Technology Enhanced Learning
Building ISMS through the reuse of knowledge

TrustBus'10 Proceedings of the 7th international conference on Trust, privacy and security in digital business
Out of fear or desire? Toward a better understanding of employees' motivation to follow IS security policies

Information and Management
Motivating IS security compliance: Insights from Habit and Protection Motivation Theory

Information and Management
New insights into the problem of software piracy: The effects of neutralization, shame, and moral beliefs

Information and Management
The importance of the CobiT framework IT processes for effective internal control over financial reporting in organizations: An international survey

Information and Management
Incident-centered information security: Managing a strategic balance between prevention and response

Information and Management
Internal control framework for a compliant ERP system

Information and Management
Employees' adherence to information security policies: An exploratory field study

Information and Management
The industrial security management model for SMBs in smart work

Journal of Intelligent Manufacturing
Effects of implementing information security management systems on the performance of marketing and sales departments

International Journal of Business Information Systems

Quantified Score

Hi-index	0.00

Visualization

Abstract

International information security management guidelines play a key role in managing and certifying organizational IS. We analyzed BS7799, BS ISO/IEC17799: 2000, GASPP/GAISP, and the SSE-CMM to determine and compare how these guidelines are validated, and how widely they can be applied. First, we found that BS7799, BS ISO/IEC17799: 2000, GASPP/GAISP and the SSE-CMM were generic or universal in scope; consequently they do not pay enough attention to the differences between organizations and the fact that their security requirements are different. Second, we noted that these guidelines were validated by appeal to common practice and authority and that this was not a sound basis for important international information security guidelines. To address these shortcomings, we believe that information security management guidelines should be seen as a library of material on information security management for practitioners.