- Title
- Governing information security using organisational information security profiles
- Creator
- Tyukala, Mkhululi
- Subject
- Data protection
- Subject
- Computer security -- Management
- Subject
- Computer networks -- Security measures
- Date Issued
- 2007
- Date
- 2007
- Type
- Thesis
- Type
- Masters
- Type
- MTech
- Identifier
- vital:9788
- Identifier
- http://hdl.handle.net/10948/626
- Description
- The corporate scandals of the last few years have changed the face of information security and its governance. Information security has been elevated to the board of director level due to legislation and corporate governance regulations resulting from the scandals. Now boards of directors have corporate responsibility to ensure that the information assets of an organisation are secure. They are forced to embrace information security and make it part of business strategies. The new support from the board of directors gives information security weight and the voice from the top as well as the financial muscle that other business activities experience. However, as an area that is made up of specialist activities, information security may not easily be comprehended at board level like other business related activities. Yet the board of directors needs to provide oversight of information security. That is, put an information security programme in place to ensure that information is adequately protected. This raises a number of challenges. One of the challenges is how can information security be understood and well informed decisions about it be made at the board level? This dissertation provides a mechanism to present information at board level on how information security is implemented according to the vision of the board of directors. This mechanism is built upon well accepted and documented concepts of information security. The mechanism (termed an Organisational Information Security Profile or OISP) will assist organisations with the initialisation, monitoring, measuring, reporting and reviewing of information security programmes. Ultimately, the OISP will make it possible to know if the information security endeavours of the organisation are effective or not. If the information security programme is found to be ineffective, the OISP will facilitate the pointing out of areas that are ineffective and what caused the ineffectiveness.
This dissertation also presents how the effectiveness or ineffectiveness of information security can be presented at board level using well known visualisation methods. Finally, the contribution, limits and areas that need more investigation are provided.
- Format
- vii, 174 leaves
- Publisher
- Nelson Mandela Metropolitan University
- Publisher
- Faculty of Engineering, the Built Environment and Information Technology
- Language
- English
- Rights
- Nelson Mandela Metropolitan University