JavaScript is disabled for your browser. Some features of this site may not work without it.
| dc.contributor.author | Munyiri, E
|
|
| dc.contributor.author | Von Solms, R
|
|
| dc.contributor.editor | Petkov, D.
|
|
| dc.contributor.editor | Venter, L.
|
|
| dc.date.accessioned | 2018-08-19T13:35:42Z | |
| dc.date.available | 2018-08-19T13:35:42Z | |
| dc.date.issued | 1998 | |
| dc.identifier.citation | Munyiri, E. & Von Solms, R. (1998) Introducing information security: a comprehensive approach. Proceedings of the annual research and development symposium, SAICSIT (South African Institute for Computer Scientists and Information Technologists), Van Riebeeck Hotel, Gordons Bay, Cape Town, 23-24 November 1998, | en |
| dc.identifier.isbn | 1-86840-303-3 | |
| dc.identifier.uri | http://hdl.handle.net/10500/24717 | |
| dc.description.abstract | Information has become a very important asset in most organizations today. For this reason, it is imperative that information and the associated resources are properly protected. Traditionally, information assets were protected through a set of physical and technical controls, introduced and maintained by the technical personnel in the Information Services Department. This scenario is no longer adequate and information security needs to be introduced, maintained and managed in a much more comprehensive way to ensure a proper and acceptable level of protection in modern business. The bulk of employees in an everyday organization work with information in an electronic format, and a large percentage of these people are barely computer literate, not to mention information security literate. A second aspect that was not addressed traditionally was the involvement of top management in the process of introducing information security. Information security is a business issue and not a technical issue any longer. For this reason, information security objectives, strategies and policies are required to introduce security in an orderly way into the organization. Therefore, a total new approach to introducing information security into an organization is required in the modern organization, specifically because information security and electronic commerce go hand in hand. The objective of this paper is to introduce a new comprehensive approach to introduce information security in an organization. This approach will ensure that all information security objectives and policies are in line with business objectives and policies. This approach will also ensure that the most effective set of security controls is identified, introduced and maintained. Further, that a set of associated procedures accompanies each security control to ensure effectiveness. Through this approach, top management will get involved in the process and every user of information or associated resources will be forced to follow specific procedures to ensure a proper level of information security. This new comprehensive approach to information security is the result of an extended research project and the results are currently being implemented in a software tool, called the Information Security Toolbox. Information Security Toolbox will be a forms-driven system that will cater specifically for small to medium sized organizations, but should also be useable in larger environments. | en |
| dc.language.iso | en | en |
| dc.title | Introducing information security: a comprehensive approach | en |
