Authors: Tsohou A., Kokolakis S., Lambrinoudakis C., Gritzalis S.
Title: A Security Standards’ Framework to facilitate Best Practices’ Awareness and Conformity
Journal: Information Management & Computer Security
Volume: 18
Number: 5
Pages: 350-365
Year: 2010
Publisher: Emerald
To appear: No
Link: http://www.emeraldinsight.com/journals.htm?issn=0968-5227&volume=18&issue=5&articleid=1896386&show=pdf
ISI: No
Abstract:

Purpose – Recent information security surveys indicate that both the acceptance of international standards and the relative certifications increase continuously. However, it is noted that still the majority of organizations does not know the dominant security standards or does not fully implement them. The aim of this paper is to facilitate the awareness of information security practitioners regarding globally known and accepted security standards, and thus, contribute to their adoption.

Design/methodology/approach – The paper adopts a conceptual approach and results in a classification framework for categorizing available information security standards. The classification framework is built in four layers of abstraction, where the initial layer is founded in ISO/IEC 27001:2005 information security management system.

Findings – The paper presents a framework for conceptualizing, categorizing and interconnecting available information security standards dynamically.

Research limitations/implications – The completeness of the information provided in the paper relies on the pace of standards’ publications; thus the information security standards that have been classified in this paper need to be updated when new standards are published. However, the proposed framework can be utilized for this constant effort.

Practical implications – Information security practitioners can benefit by the proposed framework for available security standards and effectively invoke the relevant standard each time. Guidelines for utilizing the proposed framework are presented through a case study.

Originality/value – Although the practices proposed are not innovative by themselves, the originality of this work lies on the best practices’ linkage into a coherent framework that can facilitate the standards diffusion and systematic adoption.