Information Security Governance: A model based on the Direct-Control Cycle

Rossouw von Solms, S. H. (Basie) von Solms

Research output: Contribution to journal, Article, peer-review

80 Citations (Scopus)

Abstract

It is generally accepted that Information Security Governance is an integral part of Corporate Governance. It is therefore essential for any company to have a proper Information Security Governance program which reflects this integration with Corporate Governance. One of the core principles of Governance, and specifically Corporate Governance, is the Direct-Control Cycle which, in its simplest form, 'prescribes' and 'checks'. This paper presents an Information Security Governance model based on this cycle.

Original language: English
Pages (from-to): 408-412
Number of pages: 5
Journal: Computers and Security
Volume: 25
Issue number: 6
Publication status: Published - Sept 2006

Keywords

  • Compliance enforcement
  • Corporate Governance
  • Direct-Control Cycle
  • Governance
  • Information Security Governance
  • Management levels

ASJC Scopus subject areas

  • General Computer Science
  • Law
