Governing Information System Security: Review of Approaches to Information System Security Assurance and Auditing

Over the past decade information system security issues has been treated mainly from technology perspective. That model of information security management was reactive, mainly technologically driven and rarely aligned to business needs. This paper goes a step further and considers it from the governance view, mainly aligning it with the risk management activities and stressing the necessity for a holistic approach in which the executive management should be involved. This paper is to stress the importance of implementing information system security governance model as a proactive and holistic approach which aligns security mechanisms, procedures and metrics with governance principles, business drivers and enterprise strategic objectives.

Provided by: WSDOT Topic: Date Added: Oct 2012 Format: PDF

Find By Topic