IT Security Governance for e-Business
نویسندگان
چکیده
Information Security is very important in e-Business. Previous IT governance frameworks have not given the connection between IT governance and e-business security sufficient attention. This paper identifies various levels of governance followed by a focus in the roles of information technology (IT) governance with reference to information security for today’ s electronic business (e-business) environment. The emergence of and dependence on new technologies, like the Internet, have increased exposure of businesses to technologyoriginated threats and have created new requirements for security management and governance. We proposed a model achieves the necessary integration through risk management in which the tensions between threat reduction and value generation activities have to be balanced. Keyword : Information Security, IT Governance, e-Business Management, Secure System
منابع مشابه
IT Security Governance: A Framework based on ISO 38500
ISO 38500 is an international standard for IT governance. The guidelines of ISO 38500 can also be applied at the IT security functional level in order to guide the governance of IT security. This paper proposes the use of a strategic information security management (ISM) framework to implement guidelines of ISO 38500. This approach provides several strategic advantages to the organization by 1)...
متن کاملCritical Success Factors in implementing information security governance (Case study: Iranian Central Oil Fields Company)
The oil industry, as one of the main industries of the country, has always faced cyber attacks and security threats. Therefore, the integration of information security in corporate governance is essential and a governance challenge. The integration of information security and corporate governance is called information security governance. In this research, we identified "critical success factor...
متن کاملFrom information security to ... business security?
This short opinion paper argues that information security, the discipline responsible for protecting a company's information assets against business risks, has now become such a crucial component of good Corporate Governance, that it should rather be called Business Security instead of Information Security. During the last year or two, driven by developments in the field of Corporate Governance...
متن کاملA Model for Information Security Governance in Developing Countries
The proliferation of e-business, e-services and e-governance in developing countries has resulted in businesses and governments becoming highly dependent on business information and related information technologies. Such information is, however, constantly exposed to real threats that could result in security breaches. If these are realised, the prevailing economic structure of a developing cou...
متن کاملAdaptive defense measures against the security hazards induced by systems virtualisation
The explosive proliferation of systems virtualisation supports a more adaptive delivery of IT services. In the area of security management, however, virtualisation carries beneficial as well as detrimental implications. Fig. 1 shows the sources of requirements on security management: they originate either from technical sources, in a bottom-up view, or from high-level goals. As the business man...
متن کامل