A multi-stage methodology for ensuring appropriate security culture and governance
Details
Serval ID
serval:BIB_DB84A3D152A4
Type
Inproceedings: an article in a conference proceedings.
Collection
Publications
Institution
Title
A multi-stage methodology for ensuring appropriate security culture and governance
Title of the conference
5th International conference on Availability, Reliability and Security: ARES 2010, Proceedings
Publisher
IEEE
Address
Krakow, Poland
ISBN
978-0-7695-3965-2
Publication state
Published
Issued date
02/2010
Peer-reviewed
Oui
Pages
353-360
Language
english
Abstract
The assessment of the adequacy and appropriateness of the security infrastructure in place within an organization poses a significant challenge to those responsible for security management, those responsible for corporate compliance, and senior management who seek a reasonable balance between robust security and ease of use for legitimate users. The process of assessment, validation and improvement is continuous and follows a number of clearly defined steps, each of which builds on the comfort obtained from the previous one and which confirms the consistency of the measures in place with the overall strategy and policies, all the while referring to the specific context and requirements of the organization. This paper describes a framework for the assessment of security governance that can be applied to organizations in the public and private sectors with differing security cultures, discusses the methods of implementing, tailoring the methodology and evaluating the results of the analysis, details a number of critical success factors, and concludes with a case study from the manufacturing sector.
Keywords
Information security governance, Governance criteria, Assessment methodology, Organizational culture, Security awareness, Risk management, Legal conformity, User compliance
Web of science
Create date
08/02/2011 16:34
Last modification date
20/08/2019 16:00