Information security management: An approach to combine process certification and product evaluation

M. M. Eloff, S. H. Von Solms

Research output: Contribution to journalComment/debate

55 Citations (Scopus)

Abstract

Information Security (IS) is the key to the effective management of any organization in today's commercial and industrial sectors. Line managers' performance, for instance, is rated according to the extent to which their operations conform to the IS policies of their respective organizations. In the same way, senior management's performance is judged by how well the organization performs in terms of internationally accepted codes of IS practice. IS management, however, is not always a quantifiable entity and its evaluation is complicated by the fact that it can be viewed either from an electronic perspective, in which case the focus will fall solely on product and/or systems evaluation, or from a procedural and management perspective, in which case the focus will, instead, fall on the certification of the IS management process. This article will, therefore, be devoted to providing a consolidated approach to the evaluation of IS management, in terms of which full cognisance will be taken of both these perspectives.

Original languageEnglish
Pages (from-to)698-709
Number of pages12
JournalComputers and Security
Volume19
Issue number8
DOIs
Publication statusPublished - 2000

ASJC Scopus subject areas

  • General Computer Science
  • Law

Fingerprint

Dive into the research topics of 'Information security management: An approach to combine process certification and product evaluation'. Together they form a unique fingerprint.

Cite this