Information used by organisations is a valuable asset and has to be protected from the loss of integrity, confidentiality and availability. Information protection can be achieved through effective management, with meaningful board oversight. In an attempt to identify a generic methodology for the implementation of an information security management system, existing methodologies were investigat...

This paper identifies 10 essential aspects, which, if not taken into account in an information security governance plan, will surely cause the plan to fail, or at least, cause serious flaws in the plan. These 10 aspects can be used as a checklist by management to ensure that a comprehensive plan has been defined and introduced. a 2004 Elsevier Ltd. All rights reserved.

With the continued expansion of corporate information systems and the increasing use of networks, information security management (ISM) has become more important than ever. However, few empirical studies have examined the effects of firms’ internal and external factors on their ISM processes. This study investigates the role of Need Pull and Technology Push on the ISM process, and examines the ...

The status of information security in Australian medical general practice is discussed together with a review of the challenges facing small practices that often lack the technical knowledge and skill to secure patient information by themselves. It is proposed that an information security governance framework is required to assist practices in identifying weaknesses and gaps and then to plan an...

Securing sensitive organizational data has become increasingly vital to organizations. An Information Security Management System (ISMS) is a systematic approach for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an organization's information security. Key elements of the operation ISMS are processes. However, in spite its importance, process framework wi...