
Governance of Information Security: New Paradigm of Security Management

  • Chapter
Computational Intelligence in Information Assurance and Security

Part of the book series: Studies in Computational Intelligence (SCI, volume 57)



Copyright information

© 2007 Springer-Verlag Berlin Heidelberg

About this chapter

Cite this chapter

Kim, S. (2007). Governance of Information Security: New Paradigm of Security Management. In: Nedjah, N., Abraham, A., Mourelle, L.d.M. (eds) Computational Intelligence in Information Assurance and Security. Studies in Computational Intelligence, vol 57. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-71078-3_9


  • DOI: https://doi.org/10.1007/978-3-540-71078-3_9

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-71077-6

  • Online ISBN: 978-3-540-71078-3

  • eBook Packages: Engineering (R0)
