The 10 Deadly Sins of Information Security Management
Professors Basie & Rossouw Von Solms identify 10 essential aspects, which, if not taken into account in an Information Security Governance Plan, will surely cause the Plan to fail, or at least, cause serious flaws in the Plan.
These 10 aspects can be used as a checklist by management to ensure that a comprehensive Plan has been defined and introduced.
- Not realizing that Information Security is a Corporate Governance responsibility (The buck stops right at the top).
- Not realizing that Information Security is a business issue and not a technical issue.
- Not realizing the fact that Information Security Governance is a multi-dimensional discipline (Information Security Governance is a complex issue, and there is no silver bullet or single ‘off the shelf’ solution).
- Not realizing that an Information Security Plan must be based on identified risks.
- Not realizing (and leveraging) the important role of international Best Practices for Information Security Management.
- Not realizing that a Corporate Information Security Policy is absolutely essential.
- Not realizing that Information Security Compliance enforcement and monitoring is absolutely essential.
- Not realizing that a proper Information Security Governance structure (organization) is absolutely essential.
- Not realizing the core importance of Information Security Awareness amongst users.
- Not empowering Information Security Managers with the infrastructure, tools and supporting mechanisms to properly perform their responsibilities.
The full text of this paper can be downloaded from here.
The authors of the paper are:
Prof Basie von Solms
RAU-Standard Bank Academy for Information Technology
Rand Afrikaans University
Johannesburg, South Africa
Prof Rossouw von Solms
Faculty for Computer Studies
PE Technikon
Port Elizabeth, South Africa
Labels: Information Security
Date 26.10.05