DocumentCode
2185069
Title
Enterprise Security Governance; A practical guide to implement and control Information Security Governance (ISG)
Author
de Oliveira Alves, Gustavo Alberto ; Carmo, Luiz Fernando Rust da Costa ; De Almeida, Ana Cristina Ribeiro Dutra
Author_Institution
Computer Center (NCE), Federal University of Rio de Janeiro (UFRJ), Rio de Janeiro, Brazil. galberto@nce.ufrj.br
fYear
2006
fDate
07-07 April 2006
Firstpage
71
Lastpage
80
Abstract
Following the advances of Information Technology (IT) Management and Information Security, organizations have felt the need to standardize their activities and, principally, to integrate any technological action with short and long-term business objectives and administrative strategies. Through the interrelationship of corporative and technological governance, with Information Security Governance (ISG), it becomes possible to reach this alignment, contributing to corporative results. The purpose of this paper is to present a framework for implementing Information Security Governance, which considers the integration between strategical objectives and their indicators - Balanced Scorecard (BSC) - with IT business objectives from CobiT, as well as security best practices from ISO/IEC 17799.
Keywords
Information Security Governance; Security Dashboard; Security Scorecard; Best practices; Business; Globalization; IEC standards; ISO standards; Information management; Information security; Information technology; Internet; Technology management
fLanguage
English
Publisher
ieee
Conference_Titel
Business-Driven IT Management, 2006. BDIM '06. The First IEEE/IFIP International Workshop on
Print_ISBN
1-4244-0176-3
Type
conf
DOI
10.1109/BDIM.2006.1649213
Filename
1649213