A framework for information security evaluation

  • von Solms R
  • van der Haar H
  • von Solms S
 et al. 
  • 0


    Mendeley users who have this article in their library.
  • 24


    Citations of this article.


Information Security Management consists of various facets, such as Information Security Policy, Risk Analysis, Risk Management, Contingency Planning and Disaster Recovery; these are all interrelated in some way, often causing uncertainty and confusion among top management. This paper proposes a model for Information Security Management, called an Information Security Management Model (ISM2), which puts all the various facets in context. The model consists of five different levels, defined on a security axis. ISM2introduces the idea of international security criteria or international security standards. The rationale behind these is to enable information security evaluation according to internationally accepted criteria. Due to the lack of internationally recognized and/or accepted information security standards and criteria, this model cannot be implemented in its totality at this time. A restricted form is implemented, forming an information security evaluation tool. This tool can be used for information security management with great success within an organization. © 1994.

Author-supplied keywords

  • Computer Security
  • Information security
  • Information security management
  • Security and protection

Get free article suggestions today

Mendeley saves you time finding and organizing research

Sign up here
Already have an account ?Sign in

Find this document

Get full text


  • R. von Solms

  • H. van der Haar

  • S. H. von Solms

  • W. J. Caelli

Cite this document

Choose a citation style from the tabs below

Save time finding and organizing research with Mendeley

Sign up for free