AN ICT SECURITY MANAGEMENT FRAMEWORK

Aristeidis Chatzipoulidis, Ioannis Mavridis

Abstract

Recently, organizations have started to realize that managing information security is more than a software solution; it is a strategic discipline. This realization has given rise to a major challenge in the business and technology field: the integration of all governance, risk, and compliance (GRC) activities so that they operate in synergy and in balance, aligned with the business and security objectives. The goal of this paper is to develop a comprehensive ICT security management framework as a unified platform against the evolving GRC complexity. Considering the endemic nature of risk, the risk approach requires periodic rethinking in order to keep pace with security changes and prevent undesirable incidents while continuously preserving the stakeholders' interests. Such an approach depends on the risk management maturity level and the portfolio of monitoring controls.



Paper Citation


in Harvard Style

Chatzipoulidis A. and Mavridis I. (2010). AN ICT SECURITY MANAGEMENT FRAMEWORK. In Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2010) ISBN 978-989-8425-18-8, pages 459-462. DOI: 10.5220/0002989304590462


in Bibtex Style

@conference{secrypt10,
author={Aristeidis Chatzipoulidis and Ioannis Mavridis},
title={AN ICT SECURITY MANAGEMENT FRAMEWORK},
booktitle={Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2010)},
year={2010},
pages={459-462},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0002989304590462},
isbn={978-989-8425-18-8},
}


in EndNote Style

TY - CONF
JO - Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2010)
TI - AN ICT SECURITY MANAGEMENT FRAMEWORK
SN - 978-989-8425-18-8
AU - Chatzipoulidis A.
AU - Mavridis I.
PY - 2010
SP - 459
EP - 462
DO - 10.5220/0002989304590462