Information security: Process evaluation and product evaluation

M. M. Eloff, S. H. von Solms

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review


Effective management in any organisation requires a holistic approach in focusing on information security. Senior managers have to know how well their organisations are perfonning as measured against internationally accepted best practices. Part of the information security management problem is that it is viewed either from a technological perspective focussing on product evaluation only, or from a procedural and management perspective focussing on evaluation of the management processes. This paper aims to provide a consolidated perspective that takes both these aspects into consideration when measuring and evaluating the information security level of an organisation.

Original languageEnglish
Title of host publicationInformation Security for global information infrastructures IFIP TC11- 16th Annual Working Conference on Information Security, 2000
EditorsJan H.P. Eloff, Sihan Qing
PublisherSpringer New York LLC
Number of pages8
ISBN (Print)9781475754797
Publication statusPublished - 2017
Event16th IFIP World Computer Congress, WCC 2000 - Beijing, China
Duration: 21 Aug 200025 Aug 2000

Publication series

NameIFIP Advances in Information and Communication Technology
ISSN (Print)1868-4238
ISSN (Electronic)1868-422X


Conference16th IFIP World Computer Congress, WCC 2000


  • Certification
  • Code of practice
  • Controls
  • Evaluation criteria
  • Guideline
  • Process evaluation
  • Product evaluation
  • Standards

ASJC Scopus subject areas

  • Information Systems and Management


Dive into the research topics of 'Information security: Process evaluation and product evaluation'. Together they form a unique fingerprint.

Cite this