The principal aim of this paper is to examine an innovative approach to determine the extent that an organisation complies with a generally-accepted information security management standard. This new approach is modelled on the Goal Attainment Scaling (GAS) methodology and is combined with a set of baseline security controls extracted from the International Standard AS/NZS ISO/IEC 17799: 2001. ...

Information security governance dominates the senior management’s agenda in overall organizational informance technology (IT) governance. The globalization trends encompassing all businesses, and risks of information leakage forces organizations to institute mechanisms to protect it. In order to achieve adequate level of protection, organizations implement information security management system...

as information has the role of organization asset, its protection is the key to the survival of any organization. information security management system (isms) defines protection of information in three specific concepts: information confidentiality, accuracy, and availability. many failures in implementing isms rooted in organizational problems and lack of attention to the state of readiness o...

Due to the growing dependence of information society on Information and Communication Technologies, the need to protect information is getting more and more important for enterprises. In this context, Information Security Management Systems (ISMSs), have arisen for supporting the processes and systems for effectively managing information security. The fact of having these systems available has ...

The security of information system is like a chain. Its strength is affected by the weakest knot. Since we can achieve 100% Information Security Management System (ISMS) security, we must cautiously fulfill the certification and accreditation of information security. In this paper, we analyzed, studied the evaluation knowledge and skills required for auditing the certification procedures for th...

This paper presents the findings of an empirical study of certification auditors’ and information security consultants’ experiences and insights concerning the implementation and certification of information security management systems. Using an action research strategy and a grounded theory research method, the study describes these particular experiences and insights primarily in terms of cri...

Knowledge Management (KM) has been recognized as a critical management strategy in generating competitive advantage for the organization. In order to protect organizational knowledge stored in or transferred through company’s Knowledge Management Systems (KMS), information security controls have to be incorporated into these systems. However, overly strict controls may adversely impact the perc...

Information is a perennially significant business asset in all organizations. Therefore, it must be protected as any other valuable asset. This is the objective of information security, and an information security program provides this kind of protection for a company’s information assets and for the company as a whole. One of the best ways to address information security problems in the corpor...

Monitoring the performance of incident response (IR) management is important input for improving the IR management system. A set of performance indicators, which assists monitoring in a proper way, is described regarding: the incident response management system; information security culture; number of incidents responded to; average time spent on responding; consequences of incidents; number of...