first firewall). Today's attackers are not just exploiting software vulnerabilities, but more and more human vulnerabilities" (Jacobsen, 2011)
smart phones stop working. Next follow outages in wireline telephone service, problems with air traffic control, disruptions to the New York Stock Exchange, and eventually severe loss of power on America's East Coast" (Pfleeger & Pfleeger, 2011, 3)
"Siemens equipment…called Industrial Control Systems or ICS, is the product targeted by Stuxnet, the sophisticated computer worm discovered last year to have crippled Iran's nuclear power program. Stuxnet reprogrammed the computer-controlled centrifuges used to enrich uranium so that they spun out of control and destroyed themselves" (Waterman, 2011)
While deploying information security some factors need to be considered for instance processes like de-registration and registration and people aspects like teaching, observance, leading etc. With the evolvement of information security, the focus has been transferred toward a governance-orientated and people-oriented approach (Baggett, 2003)
Features like technical expertise, experience and resources dedicated to the enterprise security architecture (McCarthy and Campbell, 2001). Well designed laws and regulations are required to enhance information security policies on national and international basis such as: Health Insurance Portability and Accountability Act HIP AA (Bresz, 2004), the Serbanes-Oxlay Act given by (Donaldson, 2005), The Electronic Communications and transactions Act known as ECT presented in 2002, the King Report (2001), the Promotion of Access to Information Act called PROATIA (2000)
The management is entrusted with the responsibility of instilling the ethical standards of conduct. These standards actually form rules and regulations which are enforced by an organization and followed by its employees (Cardinali, 1995)
When leading the information security in any company, many researchers consider reliance, ethical conduct and corporate governance to be the key features of any approach. These features are, however, lacking in the above mentioned approaches (Donaldson, 2005; Flowerday & Von Solms, 2006; Trompeter & Eloff, 2001)
The new governance structure is relying on technological, practical and individuals' behavioral mechanism to reach a particular spot of indication for governing information security. Four approaches, which are approaches that are being assessed in this paper are as follows; PROTECT (Eloff & Eloff, 2005), ISO 17799 (2005), the Information security Architecture (ISA) (Tudor, 2000), and the Capability Maturity Model (McCarthy & Campbell, 2001)
The new governance structure is relying on technological, practical and individuals' behavioral mechanism to reach a particular spot of indication for governing information security. Four approaches, which are approaches that are being assessed in this paper are as follows; PROTECT (Eloff & Eloff, 2005), ISO 17799 (2005), the Information security Architecture (ISA) (Tudor, 2000), and the Capability Maturity Model (McCarthy & Campbell, 2001)
In fact it should be adopted as a culture within the organization. Acceptance of information security as a culture means the adoption of an approach which promotes the inclusion of information security in a manner that all the activities being conducted within an organization take place in its presence (Martins & Eloff, 2002)
In fact it should be adopted as a culture within the organization. Acceptance of information security as a culture means the adoption of an approach which promotes the inclusion of information security in a manner that all the activities being conducted within an organization take place in its presence (Martins & Eloff, 2002)
These factors also guide management on how to control and hold the organization. These measures should also clarify the employee's expectations and how they should behave (Richards, 2002)
The management needs to trust employees for their adherence to information security policies when IS governance framework is being implemented. On the other hand, the employees trust the management for their commitment towards information security (Robbins, Odendaal, & Roodt, 2001)
The maintenance of good relations with business partners, suppliers and customers is largely dependent on privacy (Tretic, 2001). No privacy in business implies 'no trust' (Rosss, 2001)
An organization could maintain such a bond by depicting the security of information and assets and showing the compliance of the employees with the requirements. The maintenance of good relations with business partners, suppliers and customers is largely dependent on privacy (Tretic, 2001)
The new governance structure is relying on technological, practical and individuals' behavioral mechanism to reach a particular spot of indication for governing information security. Four approaches, which are approaches that are being assessed in this paper are as follows; PROTECT (Eloff & Eloff, 2005), ISO 17799 (2005), the Information security Architecture (ISA) (Tudor, 2000), and the Capability Maturity Model (McCarthy & Campbell, 2001)
Background The so-called initial stage of information security was characterized by a scientific approach in securing the environment of Information Technology. With the passage of time it was realized by the "technical people" working in an organization that the role of management in information security is imperative and it is essential to involve the top management (Von Solms, 2000)
Background The so-called initial stage of information security was characterized by a scientific approach in securing the environment of Information Technology. With the passage of time it was realized by the "technical people" working in an organization that the role of management in information security is imperative and it is essential to involve the top management (Von Solms, 2000)
Background The so-called initial stage of information security was characterized by a scientific approach in securing the environment of Information Technology. With the passage of time it was realized by the "technical people" working in an organization that the role of management in information security is imperative and it is essential to involve the top management (Von Solms, 2000)
Background The so-called initial stage of information security was characterized by a scientific approach in securing the environment of Information Technology. With the passage of time it was realized by the "technical people" working in an organization that the role of management in information security is imperative and it is essential to involve the top management (Von Solms, 2000)