Abstract
It is generally accepted that Information Security Governance is an integral part of Corporate Governance. It is therefore essential for any company to have a proper Information Security Governance program which reflects this integration with Corporate Governance. One of the core principles of Governance, and specifically Corporate Governance, is the Direct-Control Cycle which, in its simplest form, 'prescribes' and 'checks'. This paper presents an Information Security Governance model based on this cycle.
Original language | English |
---|---|
Pages (from-to) | 408-412 |
Number of pages | 5 |
Journal | Computers and Security |
Volume | 25 |
Issue number | 6 |
Publication status | Published - Sept 2006 |
Keywords
- Compliance enforcement
- Corporate Governance
- Direct-Control Cycle
- Governance
- Information Security Governance
- Management levels
ASJC Scopus subject areas
- General Computer Science
- Law