Bridging the gap between general management and technicians - A case study on ICT security in a developing country

Computers and Security

Volumn 26, Issue 1, 2007, Pages 44-55

  Bakari, Jabiri Kuwe ^a   Tarimo, Charles N ^a   Yngström, Louise ^a   Magnusson, Christer ^a   Kowalski, Stewart ^a  

^a ROYAL INSTITUTE OF TECHNOLOGY   (Sweden)

Author keywords

ICT security management; ICT related risks; Management; Organisations; Perception problem; Technicians

Indexed keywords

INFORMATION MANAGEMENT; PROBLEM SOLVING; SOCIETIES AND INSTITUTIONS; STRATEGIC PLANNING;

ICT SECURITY MANAGEMENT; ICT-RELATED RISKS; PERCEPTION PROBLEM;

SECURITY OF DATA;

EID: 33846796373     PISSN: 01674048     EISSN: None     Source Type: Journal    
DOI: 10.1016/j.cose.2006.10.007     Document Type: Article

References (21)

1. Alberts C., and Dorofee A. Managing information security risks: the OCTAVE approach (2003), Addison Wesley. 0-321-11886-3
2. Bakari JK. Towards a holistic approach for managing ICT security in developing countries: a case study of Tanzania. Ph.L. thesis, SU-KTH, Stockholm. DSV report Series 05-011; 2005.
3. Bakari JK, Tarimo CN, Yngström L, Magnusson C. State of ICT security management in the institutions of higher learning in developing countries: Tanzania case study. In: The 5th IEEE ICALT, Kaohsiung, Taiwan; 2005a. p. 1007-11.
4. Bakari JK, Magnusson C, Tarimo CN, Yngström, L. Ensuring ICT risks using EMitL tool: an empirical study, IFIP TC-11 WG 11.1 & WG 11.5 joint working conference on security management, integrity, and internal control in information systems, December 1-2, Fairfax, Virginia, Washington, US; 2005b. p. 157-73.
5. Bishop M. Computer security, art and science (2003), Addison Wesley. 0-201-44099-7
6. Bjorck F. Security Scandinavian style, interpreting the practice of managing information security in organisations. Ph.L. theses, Department of Computer and Systems Science, University of Stockholm and the Royal Institute of Technology, Stockholm; 2001.
7. Blakley B., McDermott E., and Geer D. Information security is information risk management. Proceedings of the 2001 workshop on new security paradigms (September 2001), ACM Press, New York, NY, USA
8. Casmir R. A dynamic and adaptive information security awareness (DAISA) approach. Ph.D Thesis, SU-KTH, Stockholm; 2005. No. 05-020.
9. Chaula JA. Security metrics and public key infrastructure interoperability testing. Ph.L Thesis, SU-KTH, Stockholm, DSV report Series 03-021; 2003.
10. Caralli A.R. Managing for enterprise security (December 2004), Carnegie Mellon University, USA
11. ISACA. ; 2005 [last accessed on 20 October 2005].
12. ISO 17799 Standard.
13. ITIL. ; 2005 [last accessed on April 2005].
14. Kowalski S. IT insecurity: a multi-disciplinary inquiry. Ph.D. Thesis, Department of Computer and Systems Sciences, University of Stockholm and the Royal Institute of Technology, Stockholm; 1994. ISBN: 91-7153-207-2.
15. Magnusson C. Hedging shareholders value in an IT dependent business society. The framework Brits. Ph.D Thesis, Department of Computer and Systems Science, University of Stockholm and the Royal Institute of Technology, Stockholm; 1999.
16. Solms B.V., and Solms R.V. The 10 deadly sins of information security management. Computers & Security, 0167-4048 23 5 (2004) 371-376
17. Solms B.V. Information security governance: COBIT or ISO 17799 or both?. Computer & Security 24 (2005) 99-104
18. Posthumus S., and Solms R.V. A framework for the governance of information security. (Elsevier Ltd.). Computers & Security 23 (2004) 638-646
19. Posthumus S, Solms RV. A responsibility framework for information security. In: IFIP TC-11 WG 11.1 & WG 11.5 joint working conference on security management, integrity, and internal control in information systems, Fairfax, Virginia, Washington, US; 1-2 December 2005. p 205-21.
20. Tarimo C.N. Towards a generic framework for implementation and use of intrusion detection systems. Stockholm University/Royal Institute of Technology, Report series No. 2003-022, SU-KTH/DSV/R - 2003-SE; December 2003.
21. Wilson M, Hash J. Building an information technology security awareness and training program. NIST Special publication 800-50; October 2003.