Information security governance: Due care

Rossouw von Solms, S. H.(Basie) von Solms

Research output: Contribution to journalArticlepeer-review

27 Citations (Scopus)


Most modern corporate governance guidelines, and also some country laws, make the Board and specifically the CEO responsible for the well-being of the organization. These parties must ensure that critical company assets are identified and that these assets are protected against possible risks that may negatively influence the organization. Information can certainly be regarded as a critical business asset in most organizations today. Therefore, due care needs to be applied in the protection of information resources. Failure to do so can lead to a legal charge of negligence. As best practices can be argued as a very effective approach to apply due care, this paper proposes a self-evaluation exercise (based on best practices) for boards of companies to be used to determine whether due care has indeed been applied.

Original languageEnglish
Pages (from-to)494-497
Number of pages4
JournalComputers and Security
Issue number7
Publication statusPublished - Oct 2006


  • Best practices
  • Corporate governance
  • Due care
  • Governance
  • Information security governance
  • Negligence

ASJC Scopus subject areas

  • General Computer Science
  • Law


Dive into the research topics of 'Information security governance: Due care'. Together they form a unique fingerprint.

Cite this