A framework for information security evaluation

  • von Solms R
  • van der Haar H
  • von Solms S
 et al. 

Abstract

Information Security Management consists of various facets, such as Information Security Policy, Risk Analysis, Risk Management, Contingency Planning and Disaster Recovery; these are all interrelated in some way, often causing uncertainty and confusion among top management. This paper proposes a model for Information Security Management, called an Information Security Management Model (ISM2), which puts all the various facets in context. The model consists of five different levels, defined on a security axis. ISM2 introduces the idea of international security criteria or international security standards. The rationale behind these is to enable information security evaluation according to internationally accepted criteria. Due to the lack of internationally recognized and/or accepted information security standards and criteria, this model cannot be implemented in its totality at this time. A restricted form is implemented, forming an information security evaluation tool. This tool can be used for information security management with great success within an organization. © 1994.

Author-supplied keywords

  • Computer Security
  • Information security
  • Information security management
  • Security and protection


Authors

  • R. von Solms

  • H. van der Haar

  • S. H. von Solms

  • W. J. Caelli
