Established standards on security and risk management provide guidelines and advice to organizations and other stakeholders on how to fulfill their security needs. However, realizing and ensuring compliance with such standards may be challenging. This is partly because the descriptions are very generic and have to be refined and interpreted by security experts, and partly because they lack tech...

The ISO 27001 standard specifies an information security management system (ISMS) as a means to implement security best practices for IT systems. Organisations that implement an ISMS typically experience various challenges such as enforcing a common vocabulary, limiting human errors and integrating existing management tools and security mechanisms. However, ISO 27001 does not provide guidance o...

In this paper, after giving a brief definition of Information Security Management Systems (ISMS), ISO 27001, IT governance and COBIT, pros and cons of implementing only COBIT, implementing only IS

With the increasing significance of information technology, there is an urgent need for adequate measures of information security. Systematic information security management is one of most important initiatives for IT management. At least since reports about privacy and security breaches, fraudulent accounting practices, and attacks on IT systems appeared in public, organizations have recognize...

Information security is a very important component in the context of an organization’s dependence on ICT. The operational environment where these technologies are operating is a very complex one. Offering a good level of protection by information security process needs a well defined managerial framework. This paper discusses the reasons why having a well defined managerial security framework i...

Information is currently the most important asset of modern companies. Its security is therefore very important and becomes the top priority of each company. Unfortunately, there is no simple recipe providing 100 % security of information. A company must apply the best security procedures with the aim to achieve an appropriate level of its information security. This paper presents and compares ...

Die Dynamik der Informationstechnologie und steigende Komplexität von Informationssystemen schlägt sich auch im Informationssicherheitsmanagement nieder. Informationssicherheitsstandards haben sich als generische Lösungen für eine Vielzahl von Aufgaben etabliert. Inwieweit derartige Standards die benötigte ganzheitliche Betrachtung vorsehen ist bislang nicht geklärt. Im vorliegenden Beitrag wir...