Information security governance : when compliance becomes more important than security

Tan, Terence C. C., Ruighaver, Anthonie B. and Ahmad, Atif 2010, Information security governance : when compliance becomes more important than security, in SEC 2010 : IFIP TC 11 : Proceedings of the 25th IFIP TC 11 International Information Security Conference, Springer Berlin, Berlin, Germany, pp. 55-67.

Title: Information security governance : when compliance becomes more important than security
Author(s): Tan, Terence C. C.; Ruighaver, Anthonie B.; Ahmad, Atif
Conference name: IFIP TC 11 International Information Security Conference (25th : 2010 : Brisbane, Queensland)
Conference location: Brisbane, Queensland
Conference dates: 20-23 Sep. 2010
Title of proceedings: SEC 2010 : IFIP TC 11 : Proceedings of the 25th IFIP TC 11 International Information Security Conference
Editor(s): [Unknown]
Publication date: 2010
Conference series: International Information Security Conference
Start page: 55
End page: 67
Publisher: Springer Berlin
Place of publication: Berlin, Germany
Keyword(s): security culture; decentralized decision making; security strategic context; business security strategies
Summary: Current security governance is often based on a centralized decision-making model and still uses an ineffective 20th-century risk management approach to security. This approach is relatively simple to manage, since it needs almost no security governance below the top enterprise level, where most decisions are made. However, while there is a role for more corporate governance, new regulations, and improved codes of best practice to address current weak organizational security practices, this may not be sufficient in the current dynamic security environment. Organizational information security must adapt to changing conditions by extending security governance to middle management as well as system/network administrators. Unfortunately, the lack of clear business security objectives and strategies at the business unit level is likely to result in a compliance culture, where those responsible for implementing information security are more interested in complying with organizational standards and policies than in improving security itself.
ISBN: 9783642152566; 3642152562
Language: eng
Field of Research: 080609 Information Systems Management
Socio Economic Objective: 970108 Expanding Knowledge in the Information and Computing Sciences
HERDC Research category: E1 Full written paper - refereed
HERDC collection year: 2010
Copyright notice: ©2010, IFIP International Federation for Information Processing
Persistent URL: http://hdl.handle.net/10536/DRO/DU:30031478

Document type: Conference Paper
Collections: Faculty of Business and Law; School of Information and Business Analytics