Title :
Enterprise Security Governance; A practical guide to implement and control Information Security Governance (ISG)
Author :
de Oliveira Alves, Gustavo Alberto ; Carmo, Luiz Fernando Rust da Costa ; De Almeida, Ana Cristina Ribeiro Dutra
Author_Institution :
Computer Center (NCE), Federal University of Rio de Janeiro (UFRJ), Rio de Janeiro, Brazil. galberto@nce.ufrj.br
Abstract :
Following the advances of Information Technology (IT) Management and Information Security, organizations have felt the need to standardize their activities and, principally, to integrate any technological action with short and long-term business objectives and administrative strategies. Through the interrelationship of corporate and technological governance with Information Security Governance (ISG), it becomes possible to reach this alignment, contributing to corporate results. The purpose of this paper is to present a framework for implementing Information Security Governance, which considers the integration between strategic objectives and their indicators - Balanced Scorecard (BSC) - with IT business objectives from CobiT, as well as security best practices from ISO/IEC 17799.
Keywords :
Information Security Governance; Security Dashboard; Security Scorecard; Best practices; Business; Globalization; IEC standards; ISO standards; Information management; Information security; Information technology; Internet; Technology management
Conference_Title :
Business-Driven IT Management, 2006. BDIM '06. The First IEEE/IFIP International Workshop on
Print_ISBN :
1-4244-0176-3
DOI :
10.1109/BDIM.2006.1649213