Governing Information Security

2011, Vol 24 (1), pp. 28-45
Author(s): Yu “Andy” Wu, Carol Stoak Saunders

Governance of the information security function is critical to effective security. In this paper, the authors present a conceptual model for security governance from the perspective of decision rights allocation. Based on Da Veiga and Eloff’s (2007) framework for security governance and two high-level information security documents published by the National Institute of Standards and Technology (NIST), the authors present seven domains of information security governance. For each of the governance domains, they propose a main decision type, using the taxonomy of information technology decisions defined by Weill and Ross (2004). This framework recommends the selection of decision rights allocation patterns that are proper to those decision types to ensure good security decisions. As a result, a balance can be achieved between decisional authority and responsibility for information security.

Author(s): Shrikant Tiwari, Sanjay Kumar Singh

Establishing the identity of an individual is critical with the advancement of technology in a networked society. Thus, there is a need for reliable user authentication techniques to meet the growing demand for a high level of Information Security Governance (ISG), depending on the requirement. Biometrics can be explained as the method of recognizing an individual based on physical (face, fingerprint, ear, iris, etc.) or behavioral (voice, signature, gait, etc.) features. Nowadays, biometric systems are used for information security in commercial, defense, government, and forensic applications as a means of establishing identity and mitigating risk, which is one of the important objectives of Information Security Governance. In this chapter, an attempt has been made to explain the use and proper selection of a biometric trait to help in Information Security Governance.

