Information Security Governance: When Compliance Becomes More Important than Security

机译：信息安全治理：当合规性比安全性变得更重要时

获取原文

获取原文并翻译 | 示例

页面导航

摘要
著录项
相似文献
相关主题

摘要

Current security governance is often based on a centralized decision making model and still uses an ineffective 20th century risk management approach to security. This approach is relatively simple to manage since it needs almost no security governance below the top enterprise level where most decisions are made. However, while there is a role for more corporate governance, new regulations, and improved codes of best practice to address current weak organizational security practices, this may not be sufficient in the current dynamic security environment. Organizational information security must adapt to changing conditions by extending security governance to middle management as well as systemetwork administrators. Unfortunately the lack of clear business security objectives and strategies at the business unit level is likely to result in a compliance culture, where those responsible for implementing information security are more interested in complying with organizational standards and policies than improving security itself.

机译：当前的安全治理通常基于集中式决策模型，并且仍然使用无效的20世纪风险管理方法来实现安全性。这种方法相对易于管理，因为在需要做出大多数决策的最高企业级别以下，几乎不需要安全治理。但是，尽管可以发挥更多的公司治理，新法规和改进的最佳实践规范来解决当前薄弱的组织安全实践的作用，但这在当前动态的安全环境中可能还不够。组织信息安全必须通过将安全管理扩展到中层管理人员以及系统/网络管理员来适应不断变化的情况。不幸的是，在业务部门级别上缺乏明确的业务安全目标和策略很可能导致合规文化，在该文化中，负责实施信息安全的人员对遵守组织标准和策略更感兴趣，而不是改善安全性本身。

著录项

来源
《Security and privacy-silver linings in the cloud》|2010年|p.55-67|共13页
会议地点 Brisbane(AU);Brisbane(AU);Brisbane(AU);Brisbane(AU)
作者
Terence C.C. Tan; Anthonie B. Ruighaver; Atif Ahmad;
展开▼
作者单位

Department of Information Systems, The University of Melbourne, Melbourne. Australia;

School of Information Systems, Deakin University, Melbourne. Australia;

Department of Information Systems, The University of Melbourne, Melbourne. Australia;

展开▼
会议组织
原文格式 PDF
正文语种 eng
中图分类安全保密;
关键词
security culture; decentralized decision making; security strategic context; business security strategies;

机译：安全文化；分散决策；安全战略背景；商业安全策略;

相似文献

外文文献
中文文献
专利

1. What do we know about information security governance? 'From the basement to the boardroom': towards digital security governance [J] . Stef Schinagl, Abbas Shahim Information & computer security . 2020,第2期

机译：我们如何了解信息安全治理？ '从地下室到董事会的地下室'：走向数字安全治理
2. Transforming information security governance in India (A SAP-LAP based case study of security, IT policy and e-governance) [J] . Rashmi Anand, Sanjay Medhavi, Vivek Soni, Information management & computer security . 2018,第1期

机译：转变印度的信息安全治理（基于SAP-LAP的安全性，IT策略和电子政务案例研究）
3. Patching security governance: an empirical view of emergent governance mechanisms for cybersecurity [J] . Van Eeten Michel J.G. Info . 2017,第6期

机译：修补安全治理：网络安全紧急治理机制的实证研究
4. Information Security Governance: When Compliance Becomes More Important than Security [C] . Terence C.C. Tan, Anthonie B. Ruighaver, Atif Ahmad IFIP TC 11 international information security conference . 2010

机译：信息安全治理：当合规性变得比安全性更重要时
5. UNIX Administrator Information Security Policy Compliance: The Influence of a Focused Seta Workshop and Interactive Security Challenges on Heuristics and Biases [D] . McConnell, John Palmer, Jr. 2020

机译：UNIX管理员信息安全策略合规性：对机启发式和偏见的互动安全挑战的影响
6. Can experience-based household food security scales help improve food security governance? [O] . Rafael Pérez-Escamilla -1

机译：可以体验的家庭食品安全秤有助于改善粮食安全治理吗？
7. Information Security Governance: When Compliance Becomes more Important than Security [O] . Terence Tan, Anthonie B. Ruighaver, Atif Ahmad 2015

机译：信息安全治理：合规性变得比安全更重要

Information Security Governance: When Compliance Becomes More Important than Security

摘要

著录项

相似文献

相关主题

期刊订阅