A Framework for Information Security Management Based on Guiding Standards: A United States Perspective
InSITE 2008 • Volume 8 • 2008
Despite government oversight, consumers continue to be concerned about the security of personal information used by corporations. These concerns make it necessary for corporations to manage information security. Navigating the multitude of existing security standards, including dedicated standards for information security and frameworks for controlling the implementation of information technology, presents a challenge to organizations. In response, we propose an information security management (ISM) framework that considers global, national, organizational, and employee standards to guide ISM. We contend that a strategic approach to ISM will enable a focus on managing information as a key resource in global competition. The framework is intended to promote a cohesive approach that takes a process view of information within the context of the organization's entire operational environment. It can be used by international, national, and regional corporations to formulate, implement, enforce, and audit information security policies and practices.
Keywords: information security, security standards, security policy, strategic information security management, IT management.