ISO security standards as leverage on IT Security Management
Détails
ID Serval
serval:BIB_D5C31D207126
Type
Actes de conférence (partie): contribution originale à la littérature scientifique, publiée à l'occasion de conférences scientifiques, dans un ouvrage de compte-rendu (proceedings), ou dans l'édition spéciale d'un journal reconnu (conference proceedings).
Collection
Publications
Institution
Titre
ISO security standards as leverage on IT Security Management
Titre de la conférence
Proceedings of 13th Americas Conference on Information Systems (AMCIS)
Adresse
Keystone, Colorado, USA
Statut éditorial
Publié
Date de publication
08/2007
Peer-reviewed
Oui
Langue
anglais
Résumé
Information security is a very important component in the context of an organization’s dependence on ICT. The operational environment where these technologies are operating is a very complex one. Offering a good level of protection by information security process needs a well defined managerial framework.
This paper discusses the reasons why having a well defined managerial security framework is needed in an information security area, as well as which are the tools to build and implement such a management framework. After a short presentation, two international standards related to Information Security Management, the ISO 17799:2005 and ISO 27001 standards, and the implications of being conforming to these standards are analysed and their advantages and limits in a security management framework are pointed out.
This paper discusses the reasons why having a well defined managerial security framework is needed in an information security area, as well as which are the tools to build and implement such a management framework. After a short presentation, two international standards related to Information Security Management, the ISO 17799:2005 and ISO 27001 standards, and the implications of being conforming to these standards are analysed and their advantages and limits in a security management framework are pointed out.
Mots-clé
Information Security Management, Risk Management, Information Security Management effectiveness/efficiency, Information Security Management complexity, Quality Management, Compliance and Conformity, ISO 27001 and ISO 17799 standards impact on IT security management
Création de la notice
05/02/2008 11:30
Dernière modification de la notice
20/08/2019 16:55
Données d'usage
