

Information security management standards: Problems and solutions
Authors: Mikko Siponen, Robert Willison
Affiliation: 1. University of Oulu, IS Security Research Center and Department of Information Processing Science, Linnanmaa, P.O. Box 3000, FIN-90014, Finland; 2. Copenhagen Business School, Howitzvej 60, DK-2000 Frederiksberg, Denmark
Abstract: International information security management guidelines play a key role in managing and certifying organizational IS. We analyzed BS7799, BS ISO/IEC17799: 2000, GASPP/GAISP, and the SSE-CMM to determine and compare how these guidelines are validated, and how widely they can be applied. First, we found that BS7799, BS ISO/IEC17799: 2000, GASPP/GAISP and the SSE-CMM were generic or universal in scope; consequently they do not pay enough attention to the differences between organizations and the fact that their security requirements are different. Second, we noted that these guidelines were validated by appeal to common practice and authority and that this was not a sound basis for important international information security guidelines. To address these shortcomings, we believe that information security management guidelines should be seen as a library of material on information security management for practitioners.
Keywords: Information systems security; Information security management standards; Information security management; Information security management guidelines; Information security certification
This article is indexed in ScienceDirect and other databases.