BORIS - Business-Oriented Management of Information Security

The present paper aims to successfully deal with the needs of information security functions by providing a management tool which links business and information security objectives. In the past terms, information security has become fortunately a top management topic due to the recognition of the continuously increasing dependencies of the overall business success on secure information and information processing technologies and means. While the focus of information security management primary lay on the implementation of solutions to assure the achievement of the enterprises’ security objectives and their management, the business oriented management objectives were typically not regarded as major concern. Today, information security management executives are severely confronted with a different situation. An increasing pressure forces them to manage the security measures not only using their security but also business glasses. To handle this challenge, a framework is presented in this paper. It supports any information security functions with a strong economic focus whereby it specifically links business and information security objectives. The core of the presented methodology has proven to be reliable, user friendly, consistent and precise under real conditions over several years.