Information security management standards: Problems and solutions

Lookup NU author(s): Dr Robert Willison

Downloads

Full text for this publication is not currently held within this repository. Alternative links are provided below where available.


Abstract

International information security management guidelines play a key role in managing and certifying organizational IS. We analyzed BS7799, BS ISO/IEC17799: 2000, GASPP/GAISP, and the SSE-CMM to determine and compare how these guidelines are validated, and how widely they can be applied. First, we found that BS7799, BS ISO/IEC17799: 2000, GASPP/GAISP and the SSE-CMM were generic or universal in scope; consequently they do not pay enough attention to the differences between organizations and the fact that their security requirements are different. Second, we noted that these guidelines were validated by appeal to common practice and authority and that this was not a sound basis for important international information security guidelines. To address these shortcomings, we believe that information security management guidelines should be seen as a library of material on information security management for practitioners.


Publication metadata

Author(s): Siponen M, Willison R

Publication type: Article

Publication status: Published

Journal: Information & Management

Year: 2009

Volume: 46

Issue: 5

Pages: 267-270

ISSN (print): 0378-7206

ISSN (electronic): 1872-7530

Publisher: Elsevier BV

URL: http://dx.doi.org/10.1016/j.im.2008.12.007

DOI: 10.1016/j.im.2008.12.007

