Information Security Governance - Compliance management vs operational management

Research output: Contribution to journalArticlepeer-review

93 Citations (Scopus)


This paper discusses the difference that should exist between Information Security Operational Management and Information Security Compliance Management. The paper argues that for good Information Security Governance, good IT Governance and good Corporate Governance, these two dimensions of Information Security Management should be totally separate, and housed in separate departments.

Original languageEnglish
Pages (from-to)443-447
Number of pages5
JournalComputers and Security
Issue number6
Publication statusPublished - Sept 2005


  • Compliance management
  • Corporate governance
  • Information security
  • Information security management
  • Information technology governance
  • Operational management
  • Risk management

ASJC Scopus subject areas

  • General Computer Science
  • Law


Dive into the research topics of 'Information Security Governance - Compliance management vs operational management'. Together they form a unique fingerprint.

Cite this