Abstract
This paper discusses the difference that should exist between Information Security Operational Management and Information Security Compliance Management. The paper argues that for good Information Security Governance, good IT Governance and good Corporate Governance, these two dimensions of Information Security Management should be totally separate, and housed in separate departments.
Original language | English |
---|---|
Pages (from-to) | 443-447 |
Number of pages | 5 |
Journal | Computers and Security |
Volume | 24 |
Issue number | 6 |
Publication status | Published - Sept 2005 |
Keywords
- Compliance management
- Corporate governance
- Information security
- Information security management
- Information technology governance
- Operational management
- Risk management
ASJC Scopus subject areas
- General Computer Science
- Law