Abstract

Information security management needs a paradigm shift in order to successfully protect information assets. Organisations must move to the holistic management of information security, which requires a well-established Information Security Management System (ISMS). An ISMS addresses all aspects of an organisation that deal with creating and maintaining a secure information environment. Organisational management and their staff can use the ISMS to manage information security cost-effectively. It can also help other organisations assess the trustworthiness of an organisation's information security arrangements. An ISMS is constituted by an intelligent mix of aspects such as policies, standards, guidelines, codes of practice, technology, human issues, and legal and ethical issues. Ideally, organisations should opt for a combination of these different aspects when establishing an ISMS. Combining all the aspects from the outset might be a bridge too far when embarking on the establishment of an ISMS, forcing organisations to take a 'phased' approach. One approach is to implement the controls contained in a standard such as ISO17799. In this case information security is driven from a management process point of view and is referred to as 'process security'. Another approach, which complements or adds to process security, is to use certified products in the IT infrastructure environment where possible. This approach focuses on technical issues and is referred to as 'product security'.