TY - JOUR
T1 - Information security management
T2 - An approach to combine process certification and product evaluation
AU - Eloff, M. M.
AU - Von Solms, S. H.
PY - 2000
Y1 - 2000
N2 - Information Security (IS) is the key to the effective management of any organization in today's commercial and industrial sectors. Line managers' performance, for instance, is rated according to the extent to which their operations conform to the IS policies of their respective organizations. In the same way, senior management's performance is judged by how well the organization performs in terms of internationally accepted codes of IS practice. IS management, however, is not always a quantifiable entity and its evaluation is complicated by the fact that it can be viewed either from an electronic perspective, in which case the focus will fall solely on product and/or systems evaluation, or from a procedural and management perspective, in which case the focus will, instead, fall on the certification of the IS management process. This article will, therefore, be devoted to providing a consolidated approach to the evaluation of IS management, in terms of which full cognisance will be taken of both these perspectives.
AB - Information Security (IS) is the key to the effective management of any organization in today's commercial and industrial sectors. Line managers' performance, for instance, is rated according to the extent to which their operations conform to the IS policies of their respective organizations. In the same way, senior management's performance is judged by how well the organization performs in terms of internationally accepted codes of IS practice. IS management, however, is not always a quantifiable entity and its evaluation is complicated by the fact that it can be viewed either from an electronic perspective, in which case the focus will fall solely on product and/or systems evaluation, or from a procedural and management perspective, in which case the focus will, instead, fall on the certification of the IS management process. This article will, therefore, be devoted to providing a consolidated approach to the evaluation of IS management, in terms of which full cognisance will be taken of both these perspectives.
UR - http://www.scopus.com/inward/record.url?scp=0034516080&partnerID=8YFLogxK
U2 - 10.1016/S0167-4048(00)08019-6
DO - 10.1016/S0167-4048(00)08019-6
M3 - Comment/debate
AN - SCOPUS:0034516080
SN - 0167-4048
VL - 19
SP - 698
EP - 709
JO - Computers and Security
JF - Computers and Security
IS - 8
ER -