Knowledge Management (KM), Quality Management (QM) and Safety Management (SM) are mature fields that have evolved and improved over time. Information security management (ISM) shares aspects of all three. For example, tougher customer demands require continuous quality improvement, while new threats create a need for constantly improved security. Information technology brings new opportunities, but also challenges, for KM, as it does for security. Organizations must comply with increasingly strict safety laws, analogous to the ISM requirements imposed by, e.g., the Sarbanes-Oxley Act. Research and practical experience in KM, QM and SM have generated valuable insights from which the younger, less mature field of ISM can learn. We present ten lessons and apply them to ISM. Key insights include the emphasis on good implementation over the selection of a model, the necessity of multidisciplinary teams, long-term thinking, measurement, visualizing security costs, benchmarking, continuous improvement, collaboration, going beyond compliance, and security as a competitive advantage. © Springer-Verlag Berlin Heidelberg 2007.
Sveen, F. O., Torres, J. M., & Sarriegi, J. M. (2007). Learning from your elders: A shortcut to information security management success. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 4680 LNCS, pp. 224–237). Springer Verlag. https://doi.org/10.1007/978-3-540-75101-4_21