A Capability Maturity Framework for IT Security Governance in Organizations

2018 ◽  
pp. 221-233 ◽  
Author(s):  
Yassine Maleh ◽  
Abdelkbir Sahid ◽  
Abdellah Ezzati ◽  
Mustapha Belaissaoui
Keyword(s):  
It Security ◽  
Security Governance ◽  
Capability Maturity

IT Security Governance and Centralized Security Controls

2008 ◽  
pp. 2130-2138
Author(s):  
Merrill Warkentin ◽  
Allen C. Johnston
Keyword(s):  
Information Technology ◽  
Human Activities ◽  
It Governance ◽  
Central Issue ◽  
It Security ◽  
Security Governance ◽  
Security Controls ◽  
Policies And Procedures ◽  
Enterprise Security ◽  
Over Time

Every enterprise must establish and maintain information technology (IT) governance procedures that will ensure the execution of the firm’s security policies and procedures. This chapter presents the problem and the framework for ensuring that the organization’s policies are implemented over time. Since many of these policies require human involvement (employee and customer actions, for example), the goals are met only if such human activities can be influenced and monitored and if positive outcomes are rewarded while negative actions are sanctioned. This is the challenge to IT governance. One central issue in the context of IT security governance is the degree to which IT security controls should be centralized or decentralized. This issue is discussed in the context of enterprise security management.

SOX Act and IT Security Governance

2008 ◽  
Author(s):  
Na-yun Kim ◽  
Rosslin John Robles ◽  
Sung-Eon Cho ◽  
Yang-Seon Lee ◽  
Tai-hoon Kim
Keyword(s):  
It Security ◽  
Security Governance

IT Security Risk Management Model for Cloud Computing

2013 ◽  
Vol 4 (4) ◽  
pp. 1-19 ◽  
Author(s):  
Gunnar Wahlgren ◽  
Stewart Kowalski
Keyword(s):  
Cloud Computing ◽  
Risk Management ◽  
It Security ◽  
Maturity Model ◽  
Security Risk ◽  
Cloud Computing Environment ◽  
New Approach ◽  
Capability Maturity ◽  
Security Risk Management ◽  
Security Incidents

The authors combined ISO 27005 framework for IT Security Risk Management with NIST Multitier framework. With this combined framework the authors create a new approach to IT Security Risk Management where IT Security Risk Management is place at the strategic, tactical and operational levels of an organizational. In this paper the authors concentrate on the monitoring and communication steps of IT Security Risk Management and especially escalation of new IT Security Incidents. The authors present a first draft to an IT Security Risk Escalation Capability Maturity Model based on ISACA´s Risk IT Framework. Finally the authors apply the approach to typical cloud computing environment as a first step to evaluate this new approach.

Information Security Governance in Large Organizations

2019 ◽  
pp. 316-348
Keyword(s):  
Information Security ◽  
Academic Research ◽  
Research Literature ◽  
The Other ◽  
Information Security Management ◽  
Security Governance ◽  
Capability Maturity ◽  
Human Aspects ◽  
Information Security Governance ◽  
Practical Model

There is a dearth of academic research literature on the practices and commitments of information security governance in organizations. Despite the existence of referential and standards of the security governance, the research literature remains limited regarding the practices of organizations and, on the other hand, the lack of a strategy and practical model to follow in adopting an effective information security governance. This chapter aims to discuss the information security governance and to address the weaknesses identified in the literature. Based on practices of information security management and governance, the authors propose ISGO, a practical maturity framework for the information security governance and management in organizations. The findings will help organizations to assess their capability maturity state and to address the procedural, technical, and human aspects of information security governance and management process.

Sign in / Sign up

Export Citation Format

Share Document