Information Security Management: An Approach to Combine Process Certification And Product Evaluation |
| |
| Authors: | M. M. Eloff S. H. von Solms |
| |
| Affiliation: | a School of Information Technology, Technikon Witwatersrand, Johannesburg, South Africa;b Department of Computer Science, Rand Afrikaans University, Johannesburg, South Africa |
| |
| Abstract: | Information Security (IS) is the key to the effective management of any organisation in today’s commercial and industrial sectors. Line managers’ performance, for instance, is rated according to the extent to which their operations conform to the IS policies of their respective organizations. In the same way, senior management’s performance is judged by how well the organization performs in terms of internationally accepted codes of IS practice. IS management, however, is not always a quantifiable entity and its evaluation is complicated by the fact that it can be viewed either from an electronic perspective, in which case the focus will fall solely on product and/or systems evaluation, or from a procedural and management perspective, in which case the focus will, instead, fall on the certification of the IS management process. This article will, therefore, be devoted to providing a consolidated approach to the evaluation of IS management, in terms of which full cognisance will be taken of both these perspectives. |
| |
| Keywords: | Certification Controls Standards Guideline Code of practice Accreditation Benchmarking Self-assessment Evaluation criteria Product evaluation Systems evaluation and process certification |
| 本文献已被 ScienceDirect 等数据库收录! |
|
