Governing Information System Security: Review of Approaches to Information System Security Assurance and Auditing
Over the past decade, information system security issues have been treated mainly from a technology perspective. That model of information security management was reactive, mainly technology-driven and rarely aligned with business needs. This paper goes a step further and considers information system security from the governance view, mainly aligning it with risk management activities and stressing the necessity for a holistic approach in which executive management should be involved. The paper stresses the importance of implementing an information system security governance model as a proactive and holistic approach which aligns security mechanisms, procedures and metrics with governance principles, business drivers and enterprise strategic objectives.