Information security management standards: Problems and solutions

Authors: Mikko Siponen, Robert Willison

DOI: 10.1016/J.IM.2008.12.007

Abstract: International information security management guidelines play a key role in managing and certifying organizational IS. We analyzed BS7799, BS ISO/IEC17799: 2000, GASPP/GAISP, the SSE-CMM to determine compare how these are validated, widely they can be applied. First, we found that GASPP/GAISP were generic or universal scope; consequently do not pay enough attention differences between organizations fact their requirements different. Second, noted validated by appeal common practice authority this was sound basis for important international guidelines. To address shortcomings, believe should seen as library of material on practitioners.

References (55)
Ilkka Niiniluoto, Critical scientific realism (1999)
Backhouse, Hsu, Silva, Circuits of power in creating de jure standards: shaping an international information systems security standard. Management Information Systems Quarterly, vol. 30, pp. 413-438 (2006), 10.2307/25148767
Rossouw Von Solms, Helen Van De Haar, From Trusted Information Security Controls to a Trusted Information Security Environment. information security, pp. 29-36 (2000), 10.1007/978-0-387-35515-3_4
Donn B. Parker, Fighting computer crime: a new framework for protecting information. John Wiley & Sons, Inc. (1998)
M. M. Eloff, S. H. Von Solms, Information Security: Process Evaluation and Product Evaluation. information security, pp. 11-18 (2000), 10.1007/978-0-387-35515-3_2
Detmar W. Straub, William D. Nance, Discovering and disciplining computer abuse in organizations: a field study. Management Information Systems Quarterly, vol. 14, pp. 45-60 (1990), 10.2307/249307