• DocumentCode
    541928
  • Title

    An ICT security management framework

  • Author

    Chatzipoulidis, Aristeidis ; Mavridis, Ioannis

  • Author_Institution
    Department of Applied Informatics, University of Macedonia, Egnatia 156, Thessaloniki, Greece
  • fYear
    2010
  • fDate
    26-28 July 2010
  • Firstpage
    1
  • Lastpage
    4
  • Abstract
    Recently, organizations started to realize that managing information security is more than a software solution; it is a strategic discipline. This realization has given rise to a major challenge in the business and technology field: the integration of all governance, risk, and compliance (GRC) activities to operate in synergy and balance in configuration with the business and security objectives. The goal of this paper is to develop a comprehensive ICT security management framework as a unified platform against the evolving GRC complexity. Considering the endemic nature of risk, the risk approach requires periodical rethinking in order to keep pace with security changes and prevent undesirable incidents while preserving the stakeholders' interests continuously. Such an approach depends on the risk management maturity level and the portfolio of monitoring controls.
  • Keywords
    Information security; Monitoring; Organizations; Process control; Risk management; ICT security; Information system controls; Risk management;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Security and Cryptography (SECRYPT), Proceedings of the 2010 International Conference on
  • Conference_Location
    Athens
  • Type

    conf

  • Filename
    5741649