Enterprise Security Governance; A practical guide to implement and control Information Security Governance (ISG)

2006 ◽  
Author(s):  
G.A. de Oliveira Alves ◽  
L.F.R. da Costa Carmo ◽  
A.C.R.D. de Almeida
Keyword(s):  
Information Security ◽  
Security Governance ◽  
Control Information ◽  
Practical Guide ◽  
Information Security Governance ◽  
Enterprise Security ◽  
And Control

A Mark-Up Language for the Specification of Information Security Governance Requirements

2013 ◽  
pp. 103-123
Author(s):  
Anirban Sengupta ◽  
Chandan Mazumdar
Keyword(s):  
Information Systems ◽  
Information Security ◽  
Security Requirements ◽  
Security Requirement ◽  
Security Governance ◽  
Digital World ◽  
Information Security Governance ◽  
Version 2.0 ◽  
Enterprise Security ◽  
And Control

As enterprises become dependent on information systems, the need for effective Information Security Governance (ISG) assumes significance. ISG manages risks relating to the confidentiality, integrity and availability of information, and its supporting processes and systems, in an enterprise. Even a medium-sized enterprise contains a huge collection of information and other assets. Moreover, risks evolve rapidly in today’s connected digital world. Therefore, the proper implementation of ISG requires automation of the various monitoring, analysis, and control processes. This can be best achieved by representing information security requirements of an enterprise in a standard, structured format. This paper presents such a structured format in the form of Enterprise Security Requirement Markup Language (ESRML) Version 2.0. It is an XML-based language that considers the elements of ISO 27002 best practices.

A Mark-Up Language for the Specification of Information Security Governance Requirements

2011 ◽  
Vol 5 (2) ◽  
pp. 33-53 ◽  
Author(s):  
Anirban Sengupta ◽  
Chandan Mazumdar
Keyword(s):  
Information Security ◽  
Best Practices ◽  
Security Requirements ◽  
Markup Language ◽  
Security Governance ◽  
Digital World ◽  
Information Security Governance ◽  
Version 2.0 ◽  
Enterprise Security ◽  
And Control

As enterprises become dependent on information systems, the need for effective Information Security Governance (ISG) assumes significance. ISG manages risks relating to the confidentiality, integrity and availability of information, and its supporting processes and systems, in an enterprise. Even a medium-sized enterprise contains a huge collection of information and other assets. Moreover, risks evolve rapidly in today’s connected digital world. Therefore, the proper implementation of ISG requires automation of the various monitoring, analysis, and control processes. This can be best achieved by representing information security requirements of an enterprise in a standard, structured format. This paper presents such a structured format in the form of Enterprise Security Requirement Markup Language (ESRML) Version 2.0. It is an XML-based language that considers the elements of ISO 27002 best practices.

An Integrated Security Governance Framework for Effective PCI DSS Implementation

2011 ◽  
Vol 5 (3) ◽  
pp. 50-67 ◽  
Author(s):  
Mathew Nicho ◽  
Hussein Fakhry ◽  
Charles Haiber
Keyword(s):  
Information Security ◽  
Credit Cards ◽  
Comprehensive Overview ◽  
Technology Infrastructure ◽  
Governance Framework ◽  
Security Governance ◽  
Pci Dss ◽  
Information Security Governance ◽  
Security Standards ◽  
And Control

This paper analyses relevant IT governance and security frameworks/standards used in IT assurance and security to propose an integrated framework for ensuring effective PCI DSS implementation. Merchants dealing with credit cards have to comply with the Payment Card Industry Data Security Standards (PCI DSS) or face penalties for non-compliance. With more transactions based on credit cards, merchants are finding it costly and increasingly difficult to implement and interpret the PCI standard. One of the top reasons cited for merchants to fail PCI audit, and a leading factor in data theft, is the failure to adequately protect stored cardholder data. Although implementation of the PCI DSS is not a guarantee for perfect protection, effective implementation of the PCI standards can be ensured through the divergence of the PCI standard into wider information security governance to provide a comprehensive overview of information security based not only on security but also security audit and control. The contribution of this paper is the development of an integrated comprehensive security governance framework for ‘information security’ (rather than data protection) incorporating Control Objectives for Information and related Technology (COBIT), Information Technology Infrastructure Library (ITIL) and ISO 27002.

Sign in / Sign up

Export Citation Format

Share Document