Exploring information security compliance in corporate IT governance

Cited by: 5
Authors
Tarn, J. Michael [1 ]
Raymond, Heath [2 ]
Razi, Muhammad [1 ]
Han, Bernard T. [1 ]
Affiliations
[1] Western Michigan Univ, Haworth Coll Business, Dept Business Informat Syst, 1903 W Michigan Ave,MS 5412, Kalamazoo, MI 49008 USA
[2] Keane Inc, Grand Rapids, MI USA
Keywords
Information security management; IT governance; security; compliance;
DOI
10.3233/HSM-2009-0698
Chinese Library Classification (CLC)
C93 [Management];
Discipline classification codes
12 ; 1201 ; 1202 ; 120202 ;
Abstract
This article first reviews the major IT governance frameworks and then discusses the case study of a multinational enterprise. A problem and gap analysis employing an information security management systems (ISMS) compliance approach is performed via the establishment and evaluation of the company's statement of applicability (SOA) according to ISO 27001. The article concludes with recommendations for how the company can address the gaps in its ISMS and achieve security compliance in its IT governance.
Pages: 131 - 140
Page count: 10