By Topic

Information Security Governance control through comprehensive policy architectures

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$31 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

3 Author(s)
Von Solms, R. ; Inst. of ICT Advancement, NMMU, Port Elizabeth, South Africa ; Thomson, K.-L. ; Maninjwa, M.

Information Security Governance has become one of the key focus areas of strategic management due to its importance in the overall protection of the organization's information assets. A properly implemented Information Security Governance framework should ideally facilitate the implementation of (directing), and compliance to (control), Strategic level management directives. These Strategic level management directives are normally interpreted, disseminated and implemented by means of a series of information security related policies. These policies should ideally be disseminated and implemented from the Strategic management level, through the Tactical level to the Operational level where eventual execution takes place. Control is normally exercised by capturing data at the lowest levels of execution and measuring compliance against the Operational level policies. Through statistical and summarized analyses of the Operational level data into higher levels of extraction, compliance at the Tactical and Strategic levels can be facilitated. This scenario of directing and controlling defines the basis of sound Information Security Governance. Unfortunately, information security policies are normally not disseminated onto the Operational level. As a result, proper controlling is difficult and therefore compliance measurement against all information security policies might be problematic. The objective of this paper is to argue towards a more complete information security policy architecture that will facilitate complete control, and therefore compliance, to ensure sound Information Security Governance.

Published in:

Information Security South Africa (ISSA), 2011

Date of Conference:

15-17 Aug. 2011