Information Security governance: COBIT or ISO 17799 or both?
Author
Abstract
This paper investigates the coexistence of and complementary use of COBIT and ISO 17799 as reference frameworks for Information Security governance. The investigation is based on a mapping between COBIT and ISO 17799 which became available in 2004, and provides a level of 'synchronization' between these two frameworks.
Similar resources
Determinants of Successful ICT Risk Management in Thai Organisations
This paper reports a study of the key factors that affect ICT risk management using Thai businesses as the data sources. Three hundred and two respondents from listed organisations on the Stock Exchange of Thailand (SET) were surveyed and the data analysed to establish the strength of relationships in a model derived from extant literature and the application of the two most commonly used gover...
Governing Information Security in Conjunction with COBIT and ISO 27001
In this paper, after giving a brief definition of Information Security Management Systems (ISMS), ISO 27001, IT governance and COBIT, pros and cons of implementing only COBIT, implementing only IS
The Peculium Model: Information Security Risk Management for the South African SMME
Small, medium and micro enterprises (SMMEs) in South Africa contribute over 40% to the gross domestic product. However, these organisations have a failure rate of 80%, mostly due to a lack of management skills. SMMEs also do not aspire to corporate governance standards for these management skills due to the lack of awareness of corporate governance best practice as well as the non-enforced impl...
IT Security Governance: A Framework based on ISO 38500
ISO 38500 is an international standard for IT governance. The guidelines of ISO 38500 can also be applied at the IT security functional level in order to guide the governance of IT security. This paper proposes the use of a strategic information security management (ISM) framework to implement guidelines of ISO 38500. This approach provides several strategic advantages to the organization by 1)...
ISO 17799: "Best Practices" in Information Security Management?
To protect the information assets of organizations, many different standards and guidelines have been proposed. Among them, International standard ISO 17799 is one of the most prominent international efforts on information security. This standard provides both an authoritative statement on information security and the procedures to be adopted by organizations to ensure information security. Sec...
Journal title:
- Computers & Security
Volume 24, Issue
Pages -
Publication date 2005