Title :
Information security management - a practical approach
Author_Institution :
Kuwait Inst. for Sci. Res. (KISR), Safat
Abstract :
Information security is an important issue in today´s business. Information security management can no more be done by merely a set of hardware and software. Rather, it requires a complete end-to-end system. Such a system is called Information Security Management System (ISMS). It requires special focus and participation from all levels of employees with full commitments and responsibilities in establishing such a system and implementing it within the organization. ISO security standards and government compliance regulations guide and enforce organizations about certain requirements and norms. Organizations need to build an ISMS by combining all the bits and pieces as per their business needs. This paper illustrates a practical approach, as a ready reference, to build an ISMS in a business organization.
Keywords :
information management; security of data; ISO security standard; business organization; end-to-end system; government compliance regulation; information security management system; Hardware; IP networks; ISO standards; Information management; Information security; Management training; Organizational aspects; Physics computing; Protection; Standards organizations; Computer Security; ISO 17799 / 27001 Standards; Information Systems; Security;
Conference_Titel :
AFRICON 2007
Conference_Location :
Windhoek
Print_ISBN :
978-1-4244-0987-7
Electronic_ISBN :
978-1-4244-0987-7
DOI :
10.1109/AFRCON.2007.4401528
