Comparative Analysis Of Information Security Governance Frameworks: A Public Sector Approach

Proceedings of the 11th European Conference on eGovernment (2011)

Abstract
Security awareness has spread inside many organizations, leading them to treat information security not merely as a technical matter but as a corporate concern. Information Security Governance (ISG) gives enterprises a means of dealing with the security of their information assets in a comprehensive manner, involving every stakeholder throughout the governance and management processes. Boards of public entities cannot remain unaware of this development and should make efforts to include ISG in their business processes. Recognizing this role, the scientific literature contains a variety of proposals that define different frameworks for fostering ISG inside a corporation. In order to facilitate the adoption of any of them by the public sector, this paper compiles the existing approaches, highlighting the main contributions and characteristics of each. Senior executives and security managers may need support for their decisions about adopting one of these frameworks, so a comparative analysis is performed. Although some comparative reviews exist in the literature, they lack a systematic and repeatable methodology, ignore recently published contributions, or focus on specific areas, which makes their results biased and unsuitable for general use in corporations and the public sector. This paper aims to guarantee an objective comparison through a set of comparative criteria that have been defined and applied to every proposal, so that the strengths and weaknesses of each can be pointed out. These criteria were selected from an in-depth analysis of existing ISG papers, covering both governance and management aspects. As the results show, each proposal focuses on different aspects of ISG, giving priority to some of the defined criteria, and none of them covers the entire required spectrum.
Most of the selected frameworks can be used by any public organization as a starting point towards integrating security into its processes, but this paper helps managers become aware of their limitations and of the gaps that need to be covered in order to achieve complete integration. Consequently, further research is needed to fill the gaps identified and to define an ISG framework that organizations can rely on, one that offers assurance that every information asset of the organization is covered. The idiosyncrasies of the public sector must be taken into account in this development, resulting in a general framework suitable for adoption by both public and private organizations.
Keywords
information security governance, security governance, comparative analysis, review, governance framework