Security Governance

The Experts below are selected from a list of 3519 Experts worldwide ranked by ideXlab platform

R Von Solms - One of the best experts on this subject based on the ideXlab platform.

  • ISSA - A software gateway to affordable and effective Information Security Governance in SMMEs
    2013 Information Security for South Africa, 2013
    Co-Authors: Jacques Coertze, R Von Solms
    Abstract:

    It has been found that many small, medium and micro enterprises (SMMEs) do not comply with sound information Security Governance principles, specifically those principles involved in drafting information Security policies and monitoring compliance, mainly as a result of restricted resources and expertise. Research suggests that this problem occurs worldwide and that the impact it has on SMMEs is great. In previous research an information Security Governance model was established to assist SMMEs in addressing information Security Governance issues and concerns. In order to provide SMMEs with a practical approach for applying this model, further research was conducted to establish a software program that demonstrates the model's practical feasibility. The aim of this paper is to introduce this software program, called The Information Security Governance Toolbox (ISGT), by means of its various components, workings and benefits. Furthermore, a focus-group study's evaluation results are offered that suggest that the program is useful to SMMEs in addressing their information Security Governance implementation challenges and offers value for industry.

  • ISSA - Information Security Governance control through comprehensive policy architectures
    2011 Information Security for South Africa, 2011
    Co-Authors: R Von Solms, Kerry Lynn Thomson, Prosecutor Mvikeli Maninjwa
    Abstract:

    Information Security Governance has become one of the key focus areas of strategic management due to its importance in the overall protection of the organization's information assets. A properly implemented Information Security Governance framework should ideally facilitate the implementation of (directing), and compliance to (control), Strategic level management directives. These Strategic level management directives are normally interpreted, disseminated and implemented by means of a series of information Security related policies. These policies should ideally be disseminated and implemented from the Strategic management level, through the Tactical level to the Operational level where eventual execution takes place. Control is normally exercised by capturing data at the lowest levels of execution and measuring compliance against the Operational level policies. Through statistical and summarized analyses of the Operational level data into higher levels of extraction, compliance at the Tactical and Strategic levels can be facilitated. This scenario of directing and controlling defines the basis of sound Information Security Governance. Unfortunately, information Security policies are normally not disseminated onto the Operational level. As a result, proper controlling is difficult and therefore compliance measurement against all information Security policies might be problematic. The objective of this paper is to argue towards a more complete information Security policy architecture that will facilitate complete control, and therefore compliance, to ensure sound Information Security Governance.

  • Information Security Governance - Information Security Governance
    Computers & Security, 2008
    Co-Authors: S. H. Von Solms, R Von Solms
    Abstract:

    It is generally accepted that Information Security Governance is an integral part of Corporate Governance. It is therefore essential for any company to have a proper Information Security Governance...

  • information Security Governance a model based on the direct control cycle
    Computers & Security, 2006
    Co-Authors: R Von Solms, S. H. Von Solms
    Abstract:

    It is generally accepted that Information Security Governance is an integral part of Corporate Governance. It is therefore essential for any company to have a proper Information Security Governance program which reflects this integration with Corporate Governance. One of the core principles of Governance, and specifically Corporate Governance, is the Direct-Control Cycle which, in its simplest form, 'prescribes' and 'checks'. This paper presents an Information Security Governance model based on this cycle.

S.H. Basie Von Solms - One of the best experts on this subject based on the ideXlab platform.

  • Modelling Cyber Security Governance Maturity
    International Symposium on Technology and Society Proceedings, 2016
    Co-Authors: Rossouw De Bruin, S.H. Basie Von Solms
    Abstract:

    The purpose of this paper is to introduce a model - the Cyber Security Governance Maturity model - that aims to determine the general Cyber Security maturity of an organization. The model is made up of a number of constituent maturity models which together aim at determining the overall Cyber Security Governance maturity. The end result of this model is a "Cyber Security Governance Maturity dashboard", which will provide a summary of the maturity assessments that each of the constituent maturity models has performed. In doing so, executive management of an organization can have both a summarized as well as a detailed indication of their Cyber Security Governance maturity.

  • ISTAS - Modelling Cyber Security Governance Maturity
    2015 IEEE International Symposium on Technology and Society (ISTAS), 2015
    Co-Authors: Rossouw De Bruin, S.H. Basie Von Solms
    Abstract:

    The purpose of this paper is to introduce a model — the Cyber Security Governance Maturity model — that aims to determine the general Cyber Security maturity of an organization. The model is made up of a number of constituent maturity models which together aim at determining the overall Cyber Security Governance maturity. The end result of this model is a "Cyber Security Governance Maturity dashboard", which will provide a summary of the maturity assessments that each of the constituent maturity models has performed. In doing so, executive management of an organization can have both a summarized as well as a detailed indication of their Cyber Security Governance maturity.

  • Information Security Governance – Compliance management vs operational management
    Computers & Security, 2005
    Co-Authors: S.H. Basie Von Solms
    Abstract:

    This paper discusses the difference that should exist between Information Security Operational Management and Information Security Compliance Management. The paper argues that for good Information Security Governance, good IT Governance and good Corporate Governance, these two dimensions of Information Security Management should be totally separate, and housed in separate departments.

Jan H. P. Eloff - One of the best experts on this subject based on the ideXlab platform.

  • INFORMATION Security Governance: BUSINESS REQUIREMENTS AND RESEARCH DIRECTIONS
    Corporate Ownership and Control, 2009
    Co-Authors: Karin Höne, Jan H. P. Eloff
    Abstract:

    Worldwide, the importance of Information Security Governance is demanding the attention of senior management. This is due to the ever-changing threat landscape requiring that organisations adopt a focussed approach towards the protection of information assets. Any successful approach towards Information Security Governance is dependent on the availability of relevant and timely research outputs. The research community working on Information Security Governance is diverse and appears to be misaligned with the needs of the business community. The problem that this paper addresses is twofold. Firstly, it addresses the confusion regarding the meaning of Information Security Governance. Secondly, it assesses the gap between research and business communities from an Information Security Governance perspective. This article analyses the requirements from the business community and maps them against current research outputs. Findings clearly indicate that the two worlds are not entirely aligned and that in some cases minimum effort is being spent on the topics deemed important by the business community. Information Security Governance in general can benefit from an improved alignment between the needs of business and the outputs of the research community.

  • An Information Security Governance Framework
    Information Systems Management, 2007
    Co-Authors: A. Da Veiga, Jan H. P. Eloff
    Abstract:

    Information Security culture develops in an organization due to certain actions taken by the organization. Management implements information Security components, such as policies and technical Security measures with which employees interact and that they include in their working procedures. Employees develop certain perceptions and exhibit behavior, such as the reporting of Security incidents or sharing of passwords, which could either contribute or be a threat to the securing of information assets. To inculcate an acceptable level of information Security culture, the organization must govern information Security effectively by implementing all the required information Security components. This article evaluates four approaches towards information Security Governance frameworks in order to arrive at a complete list of information Security components. The information Security components are used to compile a new comprehensive Information Security Governance framework. The proposed Governance framework can be used by organizations to ensure they are governing information Security from a holistic perspective, thereby minimising risk and cultivating an acceptable level of information Security culture.

Oscar Rebollo - One of the best experts on this subject based on the ideXlab platform.

  • Empirical evaluation of a cloud computing information Security Governance framework
    Information and Software Technology, 2015
    Co-Authors: Oscar Rebollo, Daniel Mellado, Eduardo Fernández-Medina, Haralambos Mouratidis
    Abstract:

    Context: Cloud computing is a thriving paradigm that supports an efficient way to provide IT services by introducing on-demand services and flexible computing resources. However, significant adoption of cloud services is being hindered by Security issues that are inherent to this new paradigm. In previous work, we have proposed ISGcloud, a Security Governance framework to tackle cloud Security matters in a comprehensive manner whilst being aligned with an enterprise's strategy. Objective: Although a significant body of literature has started to build up related to Security aspects of cloud computing, the literature fails to report on evidence and real applications of Security Governance frameworks designed for cloud computing environments. This paper introduces a detailed application of ISGCloud into a real life case study of a Spanish public organisation, which utilises a cloud storage service in a critical Security deployment. Method: The empirical evaluation has followed a formal process, which includes the definition of research questions prior to the framework's application. We describe the ISGcloud process and attempt to answer these questions, gathering results through direct observation and from interviews with related personnel. Results: The novelty of the paper is twofold: on the one hand, it presents one of the first applications, in the literature, of a cloud Security Governance framework to a real-life case study along with an empirical evaluation of the framework that proves its validity; on the other hand, it demonstrates the usefulness of the framework and its impact on the organisation. Conclusion: As discussed in the paper, the application of ISGCloud has resulted in the organisation in question achieving its Security Governance objectives, minimising the Security risks of its storage service and increasing Security awareness among its users.

  • A Systematic Review of Information Security Governance Frameworks in the Cloud Computing Environment
    Journal of Universal Computer Science, 2012
    Co-Authors: Oscar Rebollo, Daniel Mellado, Eduardo Fernández-Medina
    Abstract:

    The senior management of any enterprise that plans to start using Cloud Computing services needs to define a clear Governance strategy with regard to the Security of its information assets. This paper presents a systematic literature review whose objective is to seek existing Information Security Governance frameworks that may assist companies with these functions. The analysis of the frameworks extracted is complemented with a set of comparative criteria that consider the particularities of Cloud Computing when dealing with Security Governance issues.

Khouloud Boukadi - One of the best experts on this subject based on the ideXlab platform.

  • Security Governance in Multi-Cloud Environment: A systematic Mapping Study
    2016
    Co-Authors: Hamad Witti, Eric Disson, Chirine Ghedira, Khouloud Boukadi
    Abstract:

    Cloud computing is transforming the way enterprises purchase and manage computing resources, on the one hand, and increasing robustness, scalability and Security aspects (Gartner, 2012), on the other hand. Recently, providers have been moving towards multi-clouds, inter-cloud or cloud-of-clouds environments. Multi-cloud computing promised to support very large-scale, worldwide, distributed applications using multiple and independent cloud environments. However, multi-cloud computing has to face several key challenges such as interoperability, portability, provisioning, elasticity, high availability and Security. These challenges increase the call for Security Governance in such environments. Even though some research has been achieved in the multi-cloud Security field, it is necessary to assess the current state of research and practice of its Security Governance. This paper aims to categorize the existing works related to the Security Governance in multi-cloud environments by applying a systematic mapping study methodology in order to identify trends and future directions. Our results prove that multi-clouds Security Governance seems to be a promising area in the multi-cloud research and evaluation.

  • SERVICES - Security Governance in Multi-cloud Environment: A Systematic Mapping Study
    2016 IEEE World Congress on Services (SERVICES), 2016
    Co-Authors: Hamad Witti, Eric Disson, Chirine Ghedira-Guegan, Khouloud Boukadi
    Abstract:

    Cloud computing is transforming the way enterprises purchase and manage computing resources, on the one hand, and increasing robustness, scalability and Security aspects (Gartner, 2012), on the other hand. Recently, providers have been moving towards multi-clouds, inter-cloud or cloud-of-clouds environments. Multi-cloud computing promised to support very large-scale, worldwide, distributed applications using multiple and independent cloud environments. However, multi-cloud computing has to face several key challenges such as interoperability, portability, provisioning, elasticity, high availability and Security. These challenges increase the call for Security Governance in such environments. Even though some research has been achieved in the multi-cloud Security field, it is necessary to assess the current state of research and practice of its Security Governance. This paper aims to categorize the existing works related to the Security Governance in multi-cloud environments by applying a systematic mapping study methodology in order to identify trends and future directions. Our results prove that multi-clouds Security Governance seems to be a promising area in the multi-cloud research and evaluation.

  • Security Governance in Multi-cloud Environment: A Systematic Mapping Study
    2016 IEEE World Congress on Services (SERVICES), 2016
    Co-Authors: Hamad Witti, Eric Disson, Chirine Ghedira-Guegan, Khouloud Boukadi
    Abstract:

    Cloud computing has revolutionized delivery of IT solutions, increasing economic advantages, robustness, scalability, elasticity and Security. Nowadays, to achieve their cloud goals, organizations are increasingly moving towards enabling multi-cloud environments which promised to support very large-scale, worldwide, distributed applications using multiple and independent cloud environments. However, given their complexity and distribution, multi-cloud has to face several key challenges around Security and Governance such as interoperability, portability, provisioning, elasticity, high availability and Security. Therefore, these challenges increase the need for Security Governance in such environments. Although some research has been realized in the multi-cloud Security domain, it becomes imperative to assess the current state of research and practice of its Security Governance. This paper aims to categorize the existing works related to Security Governance in multi-cloud environments by applying a systematic mapping study methodology in order to identify trends and future directions. Our results prove that multi-clouds Security Governance seems to be a promising area in multi-cloud research and evaluation.