PhD. (Informatics) / Organizations become daily more dependent on information. Information is captured, processed, stored and distributed by the information resources and services within the organization. These information resources and services should be secured to ensure a high level of availability, integrity and privacy of this information at all times. This process is referred to as Information Security Management. The main objective of this, thesis is to identify all the processes that constitute Information Security Management and to define a metric through which the information security status of the organization can be measured and presented. It is necessary to identify an individual or a department which will be responsible for introducing and managing the information security controls to maintain a high level of security within the organization. The position .and influence of this individual, called the Information Security officer, and/or department within the organization, is described in chapter 2. The various processes and subprocesses constituting Information Security Management are identified and grouped in chapter 3. One of these processes, Measuring and Reporting, is currently very ill-defined and few guidelines and/or tools exist currently to help the Information Security officer to perform this task. For this reason the rest of the thesis is devoted to providing an effective means to enable the Information Security officer to measure and report the information security status in an effective way...
Identifer | oai:union.ndltd.org:netd.ac.za/oai:union.ndltd.org:uj/uj:12275 |
Date | 11 September 2014 |
Creators | Von Solms, Rossouw |
Source Sets | South African National ETD Portal |
Detected Language | English |
Type | Thesis |
Rights | University of Johannesburg |
Page generated in 0.0016 seconds