Information security management needs a paradigm shift in order to successfully protect information assets. Organisations must change to the holistic management of information security, requiring a well-established Information Security Management System (ISMS). An ISMS addresses all aspects in an organisation that deal with creating and maintaining a secure information environment. Organisational management and their staff can use the ISMS to manage information security cost-effectively. It can also help with the assessment of the trustworthiness of an organisation's information security arrangements by other organisations. An intelligent mix of aspects such as policies, standards, guidelines, codes-of-practice, technology, human issues, legal and ethical issues constitutes an ISMS. Ideally organisations should opt for a combination of these different aspects in establishing an ISMS. The initial combination of all the aspects might be a bridge too far when embarking on the establishment of an ISMS, forcing organisations to take a 'phased' approach. One approach can be to implement the controls as contained in a standard such as ISO17799. In this case information security is driven from a management process point of view and referred to as 'process security'. Another approach, which can also complement or add to process security, is to use certified products in the IT infrastructure environment when possible. The approach here focuses on technical issues and is referred to as 'product security'.