Compliance with an Information Security Management Standard: A New Approach

Author

  • Malcolm Pattinson
Abstract

The principal aim of this paper is to examine an innovative approach to determine the extent that an organisation complies with a generally-accepted information security management standard. This new approach is modelled on the Goal Attainment Scaling (GAS) methodology and is combined with a set of baseline security controls extracted from the International Standard AS/NZS ISO/IEC 17799: 2001. This new approach requires that a tailor-made measurement device is developed and then used to conduct multiple assessments of the state and condition of information system (IS) security controls within the same organisation. Metrics are generated for the various security areas, which provide an indication of the degree of compliance with the standard. The paper reports on the application of this approach within an agency of a South Australian (SA) government department.


Similar resources

امنیت اطلاعات سامانه های تحت وب نهاد کتابخانه های عمومی کشور

Purpose: This paper aims to evaluate the security of the web-based information systems of the Iran Public Libraries Foundation (IPLF). Methodology: A survey method was used. The data-collection tool was a questionnaire based on the standard ISO/IEC 27002, with eleven indicators and 79 sub-criteria, which examines the security of the web-based information systems of IP...


Structured evaluation of site security using an agent-based hierarchical approach to ISO 17799

There is increasing interaction between different organizations at the internal Intranet, business Extranet, and public Internet levels. The need to conduct business or exchange confidential information across heterogeneous networks raises the issue of compliance with international information security management standards. It is becoming increasingly important to establish a common ...


Information Security Management and Regulatory Compliance in the South African Health Sector

Information security is becoming part of the core business processes of every organization. Companies face the contradictory requirements of providing open systems and accessible information while maintaining high protection standards. In addition, contemporary management of an organization's information security requires different approaches in different areas, ranging from technology to organizat...


Integrated Solution Modeling Software: A New Paradigm on Information Security Review and Assessment

Information security has become a very important part of an organization's intangible assets, so the level of confidence and stakeholder trust are performance indicators of organizational success. Since information security plays a very important role in supporting the activities of the organization, a standard or benchmark is needed that regulates governance over information security. The ma...




Publication date: 2003