A framework for information security governance and management

Marian Carcary; Karen Renaud; Stephen McLaughlin; Connor O'Brien

doi:10.1109/MITP.2016.27

A framework for information security governance and management

Marian Carcary, Karen Renaud, Stephen McLaughlin, Connor O'Brien

Research output: Contribution to journal › Article › peer-review

24 Citations (Scopus)

Abstract

Daily changes in the information security landscape mean that organizations face unprecedented challenges in securing their information systems. It appears easy for organizations to adopt a tactical approach in which they respond to problems as they occur. However, when such a paradigm exists, it becomes difficult to act strategically. What is required is for organizations to be able to assess their current maturity state with respect to information security governance and management, and to proactively identify problem areas that need to be addressed. Here, the authors present a capability maturity framework to support organizations in this activity. The framework addresses the technical, process, and human aspects of information security and provides insight and guidelines for organizations to implement effective information security governance and management processes.

Original language	English
Pages (from-to)	22-30
Number of pages	9
Journal	IT Professional
Volume	18
Issue number	2
DOIs	https://doi.org/10.1109/MITP.2016.27
Publication status	Published - 18 Mar 2016

Keywords

information security governance
information security management
capability maturity
IT-CMF
permission
organizations
standards
business continuity
security of data

Access to Document

10.1109/MITP.2016.27Licence: Unspecified

Cite this

@article{bdd0a18cc77c4494a64d6768deb89fdf,

title = "A framework for information security governance and management",

abstract = "Daily changes in the information security landscape mean that organizations face unprecedented challenges in securing their information systems. It appears easy for organizations to adopt a tactical approach in which they respond to problems as they occur. However, when such a paradigm exists, it becomes difficult to act strategically. What is required is for organizations to be able to assess their current maturity state with respect to information security governance and management, and to proactively identify problem areas that need to be addressed. Here, the authors present a capability maturity framework to support organizations in this activity. The framework addresses the technical, process, and human aspects of information security and provides insight and guidelines for organizations to implement effective information security governance and management processes.",

keywords = "information security governance, information security management, capability maturity, IT-CMF, permission, organizations, standards, business continuity, security of data",

author = "Marian Carcary and Karen Renaud and Stephen McLaughlin and Connor O'Brien",

year = "2016",

month = mar,

day = "18",

doi = "10.1109/MITP.2016.27",

language = "English",

volume = "18",

pages = "22--30",

number = "2",

}

TY - JOUR

T1 - A framework for information security governance and management

AU - Carcary, Marian

AU - Renaud, Karen

AU - McLaughlin, Stephen

AU - O'Brien, Connor

PY - 2016/3/18

Y1 - 2016/3/18

N2 - Daily changes in the information security landscape mean that organizations face unprecedented challenges in securing their information systems. It appears easy for organizations to adopt a tactical approach in which they respond to problems as they occur. However, when such a paradigm exists, it becomes difficult to act strategically. What is required is for organizations to be able to assess their current maturity state with respect to information security governance and management, and to proactively identify problem areas that need to be addressed. Here, the authors present a capability maturity framework to support organizations in this activity. The framework addresses the technical, process, and human aspects of information security and provides insight and guidelines for organizations to implement effective information security governance and management processes.

AB - Daily changes in the information security landscape mean that organizations face unprecedented challenges in securing their information systems. It appears easy for organizations to adopt a tactical approach in which they respond to problems as they occur. However, when such a paradigm exists, it becomes difficult to act strategically. What is required is for organizations to be able to assess their current maturity state with respect to information security governance and management, and to proactively identify problem areas that need to be addressed. Here, the authors present a capability maturity framework to support organizations in this activity. The framework addresses the technical, process, and human aspects of information security and provides insight and guidelines for organizations to implement effective information security governance and management processes.

KW - information security governance

KW - information security management

KW - capability maturity

KW - IT-CMF

KW - permission

KW - organizations

KW - standards

KW - business continuity

KW - security of data

U2 - 10.1109/MITP.2016.27

DO - 10.1109/MITP.2016.27

M3 - Article

SN - 1520-9202

VL - 18

SP - 22

EP - 30

JO - IT Professional

JF - IT Professional

IS - 2

ER -

A framework for information security governance and management

Abstract

Keywords

Access to Document

Fingerprint

Cite this