Governing Information Security

2011 ◽  
Vol 24 (1) ◽  
pp. 28-45 ◽  
Author(s):  
Yu “Andy” Wu ◽  
Carol Stoak Saunders

Governance of the information security function is critical to effective security. In this paper, the authors present a conceptual model for security governance from the perspective of decision rights allocation. Based on Da Veiga and Eloff’s (2007) framework for security governance and two high-level information security documents published by the National Institute of Standards and Technology (NIST), the authors present seven domains of information security governance. For each of the governance domains, they propose a main decision type, using the taxonomy of information technology decisions defined by Weill and Ross (2004). This framework recommends the selection of decision rights allocation patterns that are appropriate to those decision types to ensure good security decisions. As a result, a balance can be achieved between decisional authority and responsibility for information security.


Author(s):  
Shrikant Tiwari ◽  
Sanjay Kumar Singh

Establishing the identity of an individual has become critical with the advancement of technology in a networked society. Thus, there is a need for reliable user authentication techniques to meet the growing demand for a high level of Information Security Governance (ISG), depending on the requirement. Biometrics can be explained as the method of recognizing an individual based on physical (face, fingerprint, ear, iris, etc.) or behavioral (voice, signature, gait, etc.) features. Nowadays, biometric systems are used for different information security purposes, including commercial, defense, government, and forensic applications, as a means of establishing identity and mitigating risk, which is one of the important objectives of Information Security Governance. In this chapter, an attempt has been made to explain the use and proper selection of a biometric trait to support Information Security Governance.


2021 ◽  
Vol 7 (1) ◽  
Author(s):  
Salman M. Faizi, Shawon Rahman

Lack of alignment between information technology (IT) and the business is a problem facing many organizations. Most organizations today fundamentally depend on IT. When IT and the business are aligned in an organization, IT delivers what the business needs and the business is able to deliver what the market needs. IT has become a strategic function for most organizations, and it is imperative that IT and the business are aligned. IT governance is one of the most powerful ways to achieve IT-to-business alignment. Furthermore, as the use of cloud computing for delivering IT functions becomes pervasive, organizations using cloud computing must effectively apply IT governance to it. While cloud computing presents tremendous opportunities, it comes with risks as well. Information security is one of the top risks in cloud computing. Thus, IT governance must be applied to cloud computing information security to help manage the associated risks. This study advances knowledge by extending IT governance to cloud computing and information security governance.


2020 ◽  
Vol 16 (2) ◽  
pp. 43-56
Author(s):  
Bob Hardian Syahbuddin ◽  
Wachid Yoga Afrida ◽  
Fatimah Azzahro ◽  
Achmad Nizar Hidayanto ◽  
Kongkiti Phusavat

The oil and gas industry is among the largest contributors to Indonesia’s foreign exchange. Many believe that information technology will be a major driver of economic wealth in the oil and gas industry. However, implementing information technology to support corporate business processes brings vast information security risks. There is a need for comprehensive information security governance that complies with information security standards and regulations. This research was conducted to evaluate the use of multiple ISG frameworks for implementing information security governance in a multinational oil and gas company. In detail, we evaluate the effectiveness of such a framework, assess its implementation maturity level, and identify the success and inhibiting factors for implementing ISG frameworks. This study shows that framework XYZ, as a multiple ISG framework, is effective in covering the controls of ISO 17799, COSO, and the IT Risk Framework at once. Meanwhile, the observed case study indicated a lack of compliance with Framework XYZ, along with a gap between current ISG implementation efforts and the company’s vision. Lastly, several success and inhibiting factors are identified in the ISG framework implementation at PT X.


Author(s):  
S.H. (Basie) von Solms ◽  
C.P. (Buks) Louwrens

The purpose of this chapter is twofold. Firstly, we want to determine the relationships, if any, between the discipline of digital forensics and the peer disciplines of corporate governance, information technology governance, and information security governance. Secondly, after we have determined such relationships between these disciplines, we want to determine whether there is an overlap between them and, if so, investigate the content of the overlap between information technology governance and digital forensics. Therefore, we want to position the discipline of digital forensics in relation to corporate governance, information technology governance, and information security governance, and describe in detail the relationship between information technology governance and digital forensics.
