Abstract
Information security requires the attention of CEOs, both within their own companies and as business leaders working collectively to promote the development of standards for secure technology.
Furthermore, boards of directors should consider information security an essential element of corporate governance and a top priority for board review.
In establishing this approach, five principles will help guide executive thinking:
1. The first principle is that the CEO must get involved in understanding the security program, measuring that program, and relating it to business operations.
2. The second principle is that the organization itself has to understand that information assets must be treated as being as measurable and as tangible as buildings, plants and other valuable business infrastructure.
3. The third principle is that we must follow the information and not the system.
4. The fourth principle is that we evaluate the information security services that have been implemented and find a way to validate that they are working.
5. The fifth principle, every bit as important as the others, is that it is vital for organizations to analyze where they stand in their information security governance efforts compared to others in their industry.
To implement these principles, information security stakeholders need to make significant shifts in their perspective. Such shifts allow them to ask the right questions, make better decisions, and select actions appropriate to the effective governance of enterprise security. We will explain these shifts. The next step is to divide the work across five areas of responsibility.
Following these principles, we describe a framework that addresses all components of the enterprise security program, not just the technical components.
Copyright information
© 2006 Friedr. Vieweg & Sohn Verlag | GWV-Fachverlage GmbH, Wiesbaden
Le Roux, Y. (2006). Blending Corporate Governance with Information Security. In: ISSE 2006 — Securing Electronic Business Processes. Vieweg. https://doi.org/10.1007/978-3-8348-9195-2_42
DOI: https://doi.org/10.1007/978-3-8348-9195-2_42
Publisher Name: Vieweg
Print ISBN: 978-3-8348-0213-2
Online ISBN: 978-3-8348-9195-2