Overview of Key Information Security Governance Frameworks

Author(s): Oscar Rebollo

Security awareness has spread inside many organizations, leading them to tackle information security not just as a technical matter but from a corporate point of view. Information Security Governance (ISG) provides enterprises with means of dealing with the security of their information assets in a comprehensive manner, involving every stakeholder throughout the governance and management processes. Boards of public and private entities cannot remain unaware of this development and should make efforts to include ISG in their business processes. Recognizing this relevant role, the scientific literature contains a variety of proposals that define different frameworks to foster ISG inside any corporation. In order to facilitate the adoption of any of them by the public sector, this chapter compiles existing approaches, highlighting the main contributions and characteristics of each one. Senior executives and security managers may need support for their decisions about adopting one of these frameworks, so a comparative analysis is performed. This chapter provides an overview of the state of the art of the most relevant current security governance frameworks by means of a comparison through a set of comparative criteria that have been defined and applied to every proposal, so that the strengths and weaknesses of each one can be pointed out. These criteria have been selected from a deep analysis of existing ISG papers, covering both governance and management aspects.

Author(s): Margareth Stoll, Ruth Breu

The importance of information and information systems for modern organizations as a key differentiator is increasingly recognized. Sharpened legal and regulatory requirements have further promoted viewing information security governance as part of corporate governance. More than 1.37 million organizations worldwide are implementing a standards-based management system, such as ISO 9001 or others. To implement information security governance and compliance in an effective, efficient, and sustainable way, the authors integrate these standards-based management systems with different information security governance frameworks and the requirements of the international ISO/IEC 27001 information security management standard into a holistic information security governance model. In that way, information security becomes part of all strategic, tactical, and operational business processes, which promotes corporate governance and living information security. The implementation of this innovative holistic model in several organizations and the results of the case studies are described.


Information, 2018, Vol. 9 (10), p. 248
Author(s): Sérgio Andrade deFreitas, Edna Canedo, Rodrigo Santos Felisdório, Heloise Leão

The Information and Communication Technology Master Plan (ICTMP) is an important tool for the achievement of the strategic business objectives of public and private organizations. In the public sector, these objectives are closely related to the provision of benefits to society. Information and Communication Technology (ICT) actions are present in all organizational processes and involve sizeable budgets. The risks inherent in the planning of ICT actions need to be considered for ICT to add value to the business and to maximize the return on investment to the population. In this context, this work examines the use of risk management processes in the development of ICTMPs in the Brazilian public sector.
