A multi-stage methodology for ensuring appropriate security culture and governance

Details

Serval ID
serval:BIB_DB84A3D152A4
Type
Conference proceedings (part): original contribution to the scientific literature, published on the occasion of a scientific conference, in a proceedings volume or in the special issue of a recognized journal (conference proceedings).
Collection
Publications
Title
A multi-stage methodology for ensuring appropriate security culture and governance
Conference title
5th International conference on Availability, Reliability and Security: ARES 2010, Proceedings
Authors
Ghernaouti-Hélie S., Tashi I., Simms D.
Publisher
IEEE
Address
Krakow, Poland
ISBN
978-0-7695-3965-2
Editorial status
Published
Publication date
02/2010
Peer-reviewed
Yes
Pages
353-360
Language
English
Abstract
The assessment of the adequacy and appropriateness of the security infrastructure in place within an organization poses a significant challenge to those responsible for security management, those responsible for corporate compliance, and senior management who seek a reasonable balance between robust security and ease of use for legitimate users. The process of assessment, validation and improvement is continuous and follows a number of clearly defined steps, each of which builds on the comfort obtained from the previous one and which confirms the consistency of the measures in place with the overall strategy and policies, all the while referring to the specific context and requirements of the organization. This paper describes a framework for the assessment of security governance that can be applied to organizations in the public and private sectors with differing security cultures, discusses the methods of implementing, tailoring the methodology and evaluating the results of the analysis, details a number of critical success factors, and concludes with a case study from the manufacturing sector.
Keywords
Information security governance, Governance criteria, Assessment methodology, Organizational culture, Security awareness, Risk management, Legal conformity, User compliance
Record created
08/02/2011 17:34
Record last modified
20/08/2019 17:00