Browse by author
Lookup NU author(s): Dr Robert Willison
Full text for this publication is not currently held within this repository. Alternative links are provided below where available.
International information security management guidelines play a key role in managing and certifying organizational IS. We analyzed BS7799, BS ISO/IEC17799: 2000, GASPP/GAISP, and the SSE-CMM to determine and compare how these guidelines are validated, and how widely they can be applied. First, we found that BS7799, BS ISO/IEC17799: 2000, GASPP/GAISP and the SSE-CMM were generic or universal in scope; consequently they do not pay enough attention to the differences between organizations and the fact that their security requirements are different. Second, we noted that these guidelines were validated by appeal to common practice and authority and that this was not a sound basis for important international information security guidelines. To address these shortcomings, we believe that information security management guidelines should be seen as a library of material on information security management for practitioners.
Author(s): Siponen M, Willison R
Publication type: Article
Publication status: Published
Journal: Information & Management
Year: 2009
Volume: 46
Issue: 5
Pages: 267-270
ISSN (print): 0378-7206
ISSN (electronic): 1872-7530
Publisher: Elsevier BV
URL: http://dx.doi.org/10.1016/j.im.2008.12.007
DOI: 10.1016/j.im.2008.12.007
Altmetrics provided by Altmetric