Information Security Governance: When Compliance Becomes More Important than Security - Security and Privacy - Silver Linings in the Cloud
Conference Papers Year : 2010

Information Security Governance: When Compliance Becomes More Important than Security

Abstract

Current security governance is often based on a centralized decision making model and still uses an ineffective 20th century risk management approach to security. This approach is relatively simple to manage since it needs almost no security governance below the top enterprise level where most decisions are made. However, while there is a role for more corporate governance, new regulations, and improved codes of best practice to address current weak organizational security practices, this may not be sufficient in the current dynamic security environment. Organizational information security must adapt to changing conditions by extending security governance to middle management as well as system/network administrators. Unfortunately the lack of clear business security objectives and strategies at the business unit level is likely to result in a compliance culture, where those responsible for implementing information security are more interested in complying with organizational standards and policies than improving security itself.
Fichier principal
Vignette du fichier
5-Paper-158-Information_Security_Governance-When_Compliance_Becomes_more_Important_than_Security-Tan_Terence.pdf (260.4 Ko) Télécharger le fichier
Origin Files produced by the author(s)
Loading...

Dates and versions

hal-01054503 , version 1 (07-08-2014)

Licence

Identifiers

Cite

Terence C. C. Tan, Anthonie B. Ruighaver, Atif Ahmad. Information Security Governance: When Compliance Becomes More Important than Security. 25th IFIP TC 11 International Information Security Conference (SEC) / Held as Part of World Computer Congress (WCC), Sep 2010, Brisbane, Australia. pp.55-67, ⟨10.1007/978-3-642-15257-3_6⟩. ⟨hal-01054503⟩
163 View
669 Download

Altmetric

Share

More