Holistic approach for governing information system security (CROSBI ID 633485)
Conference contribution in proceedings | abstract of conference presentation
Responsibility data
Spremić, M.
English
Holistic approach for governing information system security
Over the past decade, information system security issues have been treated mainly from a technology perspective. That model of information security management was reactive, mainly technologically driven and rarely aligned to business needs. This paper goes a step further and considers it from the governance view, mainly aligning it with the risk management activities and stressing the necessity for a holistic approach in which the executive management should be involved. The main objective of the paper is to stress the importance of implementing an information system security governance model as a proactive and holistic approach which aligns security mechanisms, procedures and metrics with governance principles, business drivers and enterprise strategic objectives. An information system security governance model is constructed, explained and discussed. Approaches for information system security assurance are analysed and the phases and processes of its regular reviews (audits) are explained in further detail. The standards and legislation activities that help in that sense are evaluated. The holistic model of governing information system security risks as business risks is explained and discussed.
Information System Security Governance Model; IS Auditing; Holistic approach
Contribution data
2013.
published
Parent publication data
Conference data
IAENG
lecture
01.01.2013-01.01.2013
Hong Kong, China