REGULAR ARTICLES

An Information Security Governance Framework

Pages 361-372 | Published online: 10 Dec 2007

REFERENCES

  • Baggett, W. O. 2003. Creating a culture of security. The Internal Auditor, 60(3): 37–41.
  • Bresz, F. P. 2004. People—Often the weakest link in security, but one of the best places to start. Journal of Health Care Compliance, 6(4): 57–60.
  • Cardinali, R. 1995. Reinforcing our moral vision: Examining the relationship between unethical behaviour and computer crime. Work Study, 44(8): 11–18.
  • COBIT security baseline—An information security survival kit. 2004. Rolling Meadows, USA: IT Governance Institute.
  • Da Veiga, A., Martins, N. and Eloff, J. H. P. 2007. Information security culture—validation of an assessment instrument. Southern African Business Review, 11(1): 147–166.
  • Donaldson, W. H. 2005. “U.S. capital markets in the post-Sarbanes-Oxley world: Why our markets should matter to foreign issuers.” In U.S. Securities and Exchange Commission, London School of Economics and Political Science.
  • Electronic Communications and Transactions Act. (2002). Retrieved 12 January 2006 from site: http://www.acts.co.za/ect_act/
  • Eloff, J. H. P. and Eloff, M. 2005. Integrated Information Security Architecture. Computer Fraud and Security, 2005(11): 10–16.
  • Flowerday, S. and Von Solms, R. 2006. Trust an element of information security. In Security and Privacy in Dynamic Environments, 87–97. Boston: Kluwer Academic Publishers. IFIP/SEC2005.
  • Hellriegel, D., Slocum, J. W. (Jr), & Woodman, R. W. (1998). Organizational Behavior. (8th ed.). Cincinnati, OH: South-Western College Publishing.
  • Holborn Books. Information Security architecture: An integrated approach to security in the organization (2005). Retrieved 18 April 2005 from: http://www.holbornbooks.co.uk/details.aspx?sn=1244811
  • ISO/IEC 17799 (BS 7799–1) (2005). Information technology. Security techniques. Code of practice for information security management, Britain.
  • ISO/IEC 27001 (BS 7799–2) (2005). Information technology. Security techniques. Information security management systems—requirements, Britain.
  • King Report. (2001). The King Report of corporate governance for South Africa. Retrieved 12 January 2006: http://www.iodsa.co.za/downloads/King%20II%20Report%20CDRom%20Brochure.pdf
  • Knapp, J. K., Marshall, T. E., Rainer, R. K. and Morrow, D. W. 2004. Top ranked information security issues: The 2004 International Information Systems Security Certification Consortium (SIC) survey results. Auburn, Alabama: College of Business Auburn University.
  • McCarthy, M. P. and Campbell, S. 2001. Security Transformation. McGraw-Hill: New York.
  • Martins, A. 2002. Information Security Culture. Johannesburg, South Africa: Master's dissertation, Rand Afrikaans University.
  • Martins, A. and Eloff, J. H. P. 2002. “Information Security Culture”. In Security in the information society. IFIP/SEC2002, 203–214. Boston: Kluwer Academic Publishers.
  • Martins, N. 2002. A model for managing trust. International Journal of Manpower, 23(8): 754–769.
  • The Concise Oxford Dictionary. 1983. Edited by: Sykes, J. B. Oxford: Clarendon Press.
  • Posthumus, S. and Von Solms, R. 2005. IT Governance. Computer Fraud and Security, 2005(6): 11–17.
  • PriceWaterhouseCoopers. Information Security Breaches Survey. (2004). Retrieved 12 March 2005 from http://www.dti.gov.uk/industry_files/pdf/isbs_2004v3.pdf
  • Promotion of Access to Information Act. (2000). Retrieved 12 January 2006 from http://www.acts.co.za/prom_of_access_to_info/index.htm
  • Richards, N. 2002. The critical importance of information security to financial institutions. Business Credit, 104(9): 35–36.
  • Robbins, S. 2001. Organizational Behaviour. 9th ed. New Jersey: Prentice Hall.
  • Ross, B. 2000. New directives beef up trust in e-commerce. Computer Weekly News.
  • Security. 2005. Security, innovation head CIO's 2005 agenda. Computer Fraud and Security, 2005(1): 1–2.
  • Teufel, S. Information Security Management—State of the art and future trends. Proceedings of the Annual International Information Security South Africa (ISSA) conference. Johannesburg, SA: UNISA Press.
  • Tretic, B. 2001 January. Can you keep a secret? Intelligent Enterprise, 4(1).
  • Trompeter, C. M. and Eloff, J. H. P. 2001. A framework for the implementation of Socio-ethical controls in Information Security. Computers and Security, 20(5): 384–391.
  • Tudor, J. K. 2000. Information Security Architecture—An integrated approach to security in an organization. Boca Raton, FL: Auerbach.
  • Verton, D. 2000. Companies aim to build security awareness. Computerworld, 34(48): 24.
  • Von Solms, R. 1997. Driving safely on the information superhighway. Information Management & Computer Security, 5(1): 20–22.
  • Von Solms, B. 2000. Information security—The third wave? Computers and Security, 19(7) November: 615–620.
  • Von Solms, S. H. 2005. Information Security Governance—Compliance management vs. operational Management. Computers and Security, 24(6): 443–447.
  • Von Solms, S. H. 2006. Information Security—The fourth wave. Computers and Security, 25(2006): 165–168.
  • Vroom, C. and Von Solms, R. 2004. Towards information security behavioural compliance. Computers and Security, 23(33): 191–198.
  • Witty, R. J. & Hallawell, A. (2003). Client issues for security policies and architecture. Gartner. ID number: K-20-7780.
