Managing Compliance with an Information Security Management Standard

Heru Susanto (School of Business and Economics, University of Brunei Darussalam, Brunei Darussalam & The Indonesian Institute of Sciences, Indonesia) and Mohammad Nabil Almunawar (School of Business and Economics, University of Brunei Darussalam, Brunei Darussalam)
Copyright: © 2015 | Pages: 12
DOI: 10.4018/978-1-4666-5888-2.ch138

Chapter Preview

The rapid advancement of ICT and the growing dependency of organizations on ICT intensify concern about information security (Solms, 2001). Although most ICT systems are designed with considerable strength in order to sustain organizations and assist them in protecting information from security threats, they are not immune to those threats. Organizations are increasingly paying attention to information protection, as the impact of information security breaches today has more tangible effects (Dlamini et al., 2009).

Key Terms in this Chapter

Infrastructure Security: The security measures that protect infrastructure, especially critical infrastructure such as network communications, communication centers, server centers, database centers, and IT centers. Infrastructure security seeks to limit the vulnerability of these structures and systems to sabotage, terrorism, and contamination.

Network Security: Provisions and policies adopted by a network administrator to prevent and monitor unauthorized access, misuse, modification, or denial of a computer network. It involves the authorization of access to data in a network, which is controlled by the administrator.

Cryptography and Digital Forensics: Cryptography is the process of encoding messages (or information) in such a way that eavesdroppers or hackers cannot read them; digital forensics is the examination of digital media in a forensically sound manner with the aim of identifying, preserving, recovering, analyzing, and presenting facts and opinions about the information.

Information Security: Policy and strategy of defending information from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording, or destruction. Governments, military, corporations, financial institutions, hospitals, and private businesses amass a great deal of confidential information about their employees, customers, products, research, and financial status.

Essential Controls (ECs): The most important controls, namely those concerned with the first security level within the standards.

Statement of Applicability (SoA): The central document that defines how an organization will implement (or has implemented) its information security controls.

ISO 27001: The most popular information security standard, designed to ensure the selection of adequate and proportionate security controls to protect information assets. The standard is applicable to all types of organizations (e.g., commercial enterprises, government agencies, and non-profit organizations) and to all sizes, from micro-businesses to huge multinationals.

STOPE Methodology: Abbreviation of stakeholder, technology, organization, people, and environment. The methodology abstracts security controls and separates them into their related domains; it was introduced by Bakry (2008).
