Information security management standards: problems and solutions

Siponen, Mikko and Willison, Robert (2009) Information security management standards: problems and solutions. Information & Management, 46 (5). pp. 267-270. ISSN 0378-7206

Full text not available from this repository. (Request a copy)

Abstract

International information security management guidelines play a key role in managing and certifying organizational IS. We analyzed BS7799, BS ISO/IEC17799: 2000, GASPP/GAISP, and the SSE-CMM to determine and compare how these guidelines are validated, and how widely they can be applied. First, we found that BS7799, BS ISO/IEC17799: 2000, GASPP/GAISP and the SSE-CMM were generic or universal in scope; consequently they do not pay enough attention to the differences between organizations and the fact that their security requirements are different. Second, we noted that these guidelines were validated by appeal to common practice and authority and that this was not a sound basis for important international information security guidelines. To address these shortcomings, we believe that information security management guidelines should be seen as a library of material on information security management for practitioners.

Item Type:	Article
Uncontrolled Keywords:	information systems security, information security management standards, information security management, information security management guidelines, information security certification
Subjects:	P100 Information Services
Department:	Faculties > Business and Law > Newcastle Business School
Depositing User:	EPrint Services
Date Deposited:	29 Sep 2010 09:23
Last Modified:	19 Nov 2019 09:53
URI:	http://nrl.northumbria.ac.uk/id/eprint/3788

Downloads