Information security management: A hierarchical framework for various approaches

被引：39

作者：

Eloff, MM ^{[1
]}

von Solms, SH

机构：

[1] Technikon Witwatersrand, Sch Informat Technol, Johannesburg, South Africa

[2] Rand Afrikaans Univ, Dept Comp Sci, Johannesburg, South Africa

来源：

COMPUTERS & SECURITY | 2000年 / 19卷 / 03期

关键词：

certification; controls; standards; guidelines; code of practice; accreditation; benchmarking; self-assessment; legislation; evaluation criteria;

D O I：

10.1016/S0167-4048(00)88613-7

中图分类号：

TP [自动化技术、计算机技术];

学科分类号：

0812 ;

摘要：

The present article is aimed at clarifying the oft-times confusing terminology and at elucidating the various approaches obtaining to the realm of Information Security (IS) management. The IS management approaches selected for discussion in this article will specifically address those rudiments and concepts that play a key role in the assessment of the IS status of an organization. Following, a hierarchical framework will be developed in terms of which to elucidate ill-defined terms and concerts. By so doing, issues such as certification, benchmarking, guidelines and codes of practice will conic under consideration. IS management approahes widely accepted in the international arena. will also be mapped onto the said hierarchical framework.

引用

页码：243 / 256

页数：14