Information security management: a new paradigm

  • Authors: Jan H. P. Eloff; Mariki Eloff
  • Affiliations: Department of Computer Science, University of Pretoria, Lynnwood Road, Pretoria, 0002, South Africa; Department of Computer Science and Information Systems, University of South Africa, P O Box 392, UNISA, 0003, South Africa
  • Venue: SAICSIT '03 Proceedings of the 2003 annual research conference of the South African institute of computer scientists and information technologists on Enablement through technology
  • Year: 2003

Abstract

Information security management needs a paradigm shift in order to successfully protect information assets. Organisations must move to the holistic management of information security, which requires a well-established Information Security Management System (ISMS). An ISMS addresses all aspects of an organisation that deal with creating and maintaining a secure information environment. Organisational management and their staff can use the ISMS to manage information security cost-effectively. It can also help other organisations assess the trustworthiness of an organisation's information security arrangements. An ISMS consists of an intelligent mix of aspects such as policies, standards, guidelines, codes of practice, technology, human issues, and legal and ethical issues. Ideally, organisations should opt for a combination of these different aspects when establishing an ISMS. Combining all of the aspects from the outset might be a bridge too far when embarking on the establishment of an ISMS, forcing organisations to take a 'phased' approach. One approach is to implement the controls contained in a standard such as ISO17799. In this case information security is driven from a management process point of view and is referred to as 'process security'. Another approach, which complements or adds to process security, is to use certified products in the IT infrastructure environment where possible. This approach focuses on technical issues and is referred to as 'product security'.