DOI: 10.1145/3320326.3320382
Research article

A new comprehensive solution to handle information security Governance in organizations

Published: 27 March 2019

Abstract

In the last decade, several standards, best practices, and frameworks have been created to help modern organizations govern information security, with the aim of optimizing processes to achieve business goals. With this in mind, organizations use a variety of mechanisms to ensure that their security architecture is aligned with the organization's business objectives and complies with the local standards, rules and regulations in force. Despite the large number of options available, there is considerable confusion among IT managers over the various methods, and among the various terminologies that emerged all at once in the business world, including information security management (ISM), IT governance (IT-GOV) and information system security governance (ISS-GOV), because none of them offers a comprehensive governance approach. This paper first clarifies the main confusions between the different terminologies of this field, and secondly proposes a new in-house reference that combines the various processes of ITIL V3, ISO 38500 and the security controls of ISO/IEC 27001, which any organization can use as a complete solution to govern information security and information technology.


Cited By

Security Issues for Banking Systems. In: Computational Intelligence, Data Analytics and Applications, pp. 117-131, 2023. DOI: 10.1007/978-3-031-27099-4_10. Online publication date: 15 March 2023.


Published In

NISS '19: Proceedings of the 2nd International Conference on Networking, Information Systems & Security
March 2019
512 pages
ISBN: 9781450366458
DOI: 10.1145/3320326
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee.

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. ISO 27001
  2. ISO 38500
  3. ISS-Gov
  4. IT-Gov
  5. ITIL
  6. Information System Security Management

Qualifiers

  • Research-article
  • Research
  • Refereed limited

Conference

NISS19
