The ISACA Business Model for Information Security: An Integrative and Innovative Approach (original) (raw)

Vieweg+Teubner eBooks, 2010

Abstract

In recent years, information security management has matured into a professional discipline that covers both technical and managerial aspects in an organisational environment. Information security is increasingly dependent on business-driven parameters and interfaces to a variety of organisational units and departments. In contrast, common security models and frameworks have remained largely technical. A review of extant models ranging from [LaBe73] to more recent models shows that technical aspects are covered in great detail, while the managerial aspects of security are often neglected.Likewise, the business view on organisational security is frequently at odds with the demands of information security personnel or information technology management. In practice, senior and executive level management remain comparatively distant from technical requirements. As a result, information security is generally regarded as a cost factor rather than a benefit to the organisation.

Rolf von Roessing hasn't uploaded this paper.

Let Rolf know you want this paper to be uploaded.

Ask for this paper to be uploaded.