Skip to main content
SpringerLink
Log in

General Drawing of the Integrated Framework for Security Governance

  • Conference paper
Knowledge-Based Intelligent Information and Engineering Systems (KES 2006)

Part of the book series: Lecture Notes in Computer Science ((LNAI,volume 4251))

Abstract

To provide the structured approach of the security governance to corporate executives is the purpose of this paper. Previous studies on the governance and security management including international standards, methods for risk analysis, guideline for security policy were reviewed to design the components and requirements of the framework of the security governance. Finally, the framework for the security governance, which consists of four domains and two categories of relationship, is suggested considering the requirements of the framework including three perspectives of an architecture, domain, and presentation. It is believed that, with this framework, corporate executives could create greater productivity gains and cost efficiencies from information security.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 84.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 109.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. GDRC: The Global Development Research Center (2005)

    Google Scholar 

  2. Appel, W.: Redefining IT Governance Readiness. META Group (2005)

    Google Scholar 

  3. Dallas, S., Bell, M.: The Need for IT Governance: Now More than Ever. Gartner Inc., Stamford (2004)

    Google Scholar 

  4. Solms, B.V.: Corporate Governance and Information Security. Computers & Security 20(3) (2001)

    Google Scholar 

  5. Conner, F.W., Coviello, A.W.: Information Security Governance: A Call to Action. National Cyber Security Summit Task Force (2004)

    Google Scholar 

  6. Solms, B.V.: Information security governance: CobiT or ISO 17799 or both? Computers & Security 24(2) (2005)

    Google Scholar 

  7. Swindle, O., Conner, B.: The Link Between Information Security and Corporate Governance. Computerworld (2004)

    Google Scholar 

  8. IT Governance Institute: Information Security Governance. IT Governance Institute (2004)

    Google Scholar 

  9. IT Governance Institute: Board Briefing on IT Governance ITGI. IT Governance Institute (2001)

    Google Scholar 

  10. OECD: OECD Principles of Corporate Governance, Organization for Economic Co-operation and Development. Organisation for Economic Co-operation and Development (1999)

    Google Scholar 

  11. Neela, A.M., Mahoney, J.: Work With, Not Against, Your Culture to Refine IT Governance. Gartner Inc., Stamford, CT (2003)

    Google Scholar 

  12. Allen, J.: An Introduction to Governing for Enterprise Security. Software Engineering Institute, Carnegie Mellon University in Pittsburgh (2005)

    Google Scholar 

  13. IT Governance Institute: Information Security Governance: Guidance for Boards of Directors and Executive Management. IT Governance Institute (2001)

    Google Scholar 

  14. Moulton, R., Coles, R.S.: Applying Information Security Governance. Computers & Security 22(7) (2003)

    Google Scholar 

  15. Dallas, S.: Six IT Governance Rules to Boost IT and User Credibility. Gartner Inc., Stamford, CT (2002)

    Google Scholar 

  16. Gerrard, M.: Creating an Effective IT Governance Process. Gartner Inc., Stamford, CT (2003)

    Google Scholar 

  17. Kim, S., Leem, C.S.: An Information Engineering Methodology for the Security Strategy Planning. In: Gervasi, O., Gavrilova, M.L., Kumar, V., Laganá, A., Lee, H.P., Mun, Y., Taniar, D., Tan, C.J.K. (eds.) ICCSA 2005. LNCS, vol. 3482, Springer, Heidelberg (2005)

    Google Scholar 

  18. Kim, S., Leem, C.S.: Decision Supporting Method with the Analytic Hierarchy Process Model for the Systematic Selection of COTS-based Security Control. Lecture Series on Computer Scienceand on Computational Science, vol. 1 (2004)

    Google Scholar 

  19. Kim, S., Leem, C.S.: Information Strategy Planning Methodology for the Security of Information Systems. In: ICCIE 2004, Cheju (2004)

    Google Scholar 

  20. ISO, ISO13335-1: Information Technology - Guidelines for the Management of IT Security - Part 1: Concepts and Models for IT Security. International Organization for Standardization

    Google Scholar 

  21. NIST: An Introduction to Computer Security: The NIST Handbook. NIST, Gaithersburg, MD (1995)

    Google Scholar 

  22. Henze, D.: IT Baseline Protection Manual. UK (2000)

    Google Scholar 

  23. Kim, S., Choi, S.S., Leem, C.S.: An Integrated Framework for Secure E-business Models and Their Implementation. In: INFORMS 1999, Seoul(1999)

    Google Scholar 

  24. Geer, D.E.: Making Choices to Show ROI. Secure Business Quarterly 1(2) (2001)

    Google Scholar 

  25. Scott, D.: Security Investment Justification and Success Factors. Gartner Inc., Stamford, CT (1998)

    Google Scholar 

  26. Blakley, B.: Returns on Security Investment: An Imprecise But Necessary Calculation. Secure Business Quarterly 1(2) (2001)

    Google Scholar 

  27. Malik, W.: A Security Funding Strategy. Gartner Inc., Stamford (2001)

    Google Scholar 

  28. Power, R.: CSI/FBI Computer Crime and Security Survey, Computer Security Issues & Trends (2002)

    Google Scholar 

  29. Bates, R.J.: Disaster Recovery Planning. McGraw-Hill, New York (1991)

    Google Scholar 

  30. Witty, R.J., Girard, J., Graff, J.W., Hallawell, A., Hildreth, B., MacDonald, N., Malik, W.J., Pescatore, J., Reynolds, M., Russell, K., Wheatman, V., Dubiel, J.P., Weintraub, A.: The Price of Information Security, Gartner Inc., Stamford, CT (2001)

    Google Scholar 

  31. Harris, S.: CISSP All-in-One Exam Guide, 2nd edn. McGraw-Hill, New York (2003)

    Google Scholar 

  32. Roper, C.A.: Risk Management for Security Professionals. Butterworth-Heinemann, Boston (1999)

    Google Scholar 

  33. SEI: A Systems Engineering Capability Maturity Model, Version 2.0. Software Engineering Institute, Carnegie Mellon University in Pittsburgh, PA (1999)

    Google Scholar 

  34. Rex, R.K., Charles, S.A., Houston, C.H.: Risk Analysis for Information Technology. Journal of Management Information Systems 8(1) (1991)

    Google Scholar 

  35. Kim, S., Leem, C.S.: Implementation of the Security System for Instant Messengers. In: Zhang, J., He, J.-H., Fu, Y. (eds.) CIS 2004. LNCS, vol. 3314, Springer, Heidelberg (2004)

    Google Scholar 

  36. Kim, S., Leem, C.S.: Security of the Internet-based Instant Messenger: Risks and Safeguards. Internet Research: Electronic Networking Applications and Policy 15(1) (2005)

    Google Scholar 

  37. Ron, W.: EDP Auditing: Conceptual Foundations and Practice. McGraw-Hill, New York (1988)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Department of Information and Industrial Engineering, Yonsei University, 134, Shinchondong, Seodaemoongu, Seoul, 129-749, South Korea

    Heejun Park

  2. Somansa Co., Ltd., 16, Yangpyeongdong 3ga, Yeongdeungpogu, Seoul, 150-103, South Korea

    Sangkyun Kim

  3. The Liberal Arts School, Dankook University, 147, Hannamro, Yongsangu, Seoul, 140-714, South Korea

    Hong Joo Lee

Authors
  1. Heejun Park
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Sangkyun Kim
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Hong Joo Lee
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. School of Design, Engineering and Computing, Bournemouth University, UK

    Bogdan Gabrys

  2. Centre for SMART Systems, School of Environment and Technology, University of Brighton, BN2 4GJ, Brighton, UK

    Robert J. Howlett

  3. School of Electrical and Information Engineering, Knowledge Based Intelligent Engineering Systems Centre, University of South Australia, Mawson Lakes, 5095, SA, Australia

    Lakhmi C. Jain

Rights and permissions

Reprints and permissions

Copyright information

© 2006 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Park, H., Kim, S., Lee, H.J. (2006). General Drawing of the Integrated Framework for Security Governance. In: Gabrys, B., Howlett, R.J., Jain, L.C. (eds) Knowledge-Based Intelligent Information and Engineering Systems. KES 2006. Lecture Notes in Computer Science(), vol 4251. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11892960_148

Download citation

  • DOI: https://doi.org/10.1007/11892960_148

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-46535-5

  • Online ISBN: 978-3-540-46536-2

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation