Information security requirements - Interpreting the legal aspects

Computers and Security

Volumn 27, Issue 5-6, 2008, Pages 124-135

  Gerber, Mariana ^a   von Solms, Rossouw ^a  

^a NELSON MANDELA METROPOLITAN UNIVERSITY   (South Africa)

Author keywords

Compliance; Information security; Information security management; Information security requirements; ISO IEC 17799; ISO IEC 27002; Legal requirements

Indexed keywords

CHLORINE COMPOUNDS; CLARIFICATION; INFORMATION SERVICES; LAWS AND LEGISLATION; LEACHING; STANDARDS;

BASEL II; COMPLIANCE; FOCAL POINTS; INFORMATION SECURITY; INFORMATION SECURITY MANAGEMENT; INFORMATION SECURITY REQUIREMENTS; ISO/IEC 17799; LEGAL ASPECTS; LEGAL REQUIREMENTS; RELEVANT INFORMATION; SECURITY AND PRIVACY;

SECURITY OF DATA;

EID: 53049103408     PISSN: 01674048     EISSN: None     Source Type: Journal    
DOI: 10.1016/j.cose.2008.07.009     Document Type: Review

References (31)

1. About Intellectual Property; 2005. Retrieved June 8, 2006, from World Intellectual Propery Organization site: http://www.wipo.int/about-ip/en/.
2. Baldwin R., Scott C., and Hood C. Introduction. In: Baldwin R., Scott C., and Hood C. (Eds). Reader on Regulation (1998), Oxford University Press, Oxford
3. Brewer D, List W. Fast track ISMS certification; 2004. Retrieved May 17, 2006, from: http://www.gammassl.co.uk/topics/ics/FTISMS.pdf.
4. Casper C. Complicated compliance; 2004. Retrieved Sep 19, 2005 from Tech Update IT Management - ZDNet site: http://techupdate.zdnet.com/techupdate/stories/main/Complicated_Compliance_print.html.
5. Chetty K.D. Sources of law. In: Fouché M.A. (Ed). Legal Principles of Contracts and Commercial Law (2004), LexisNexis Butterworths, Durban
6. Compliance. Corporate governance and IT security; 2005. Retrieved May 21, 2006, from ARTICSOFT site: http://www.articsoft.com/encryption_security.htm.
7. European Documentation Centre; 2006. Retrieved September 14, 2007, from Leeds University Library site: http://www.leeds.ac.uk/library/subjects/edc/secondary.htm.
8. Fouché M.A. Introduction to the law of contract. In: Fouché M.A. (Ed). Legal Principles of Contracts and Commercial Law (2004), LexisNexis Butterworths, Durban 33-35
9. Gerber M., and von Solms R. The management of risk in the information age. Computers and Security 24 1 (2005) 16-30
10. Hahlo H.R., and Kahn E. The South African Legal System and Its Background. 2nd ed. (1973), Juta and Co., Cape Town
11. Hahlo HR, Kahn E; 2004. Retrieved May 23, 2006 from: http://www.bankseta.org.za/downloads/fais/business/CP1_LG_SEC1.doc.
12. History of 27000; March 5, 2006. Retrieved April 19, 2006 from GAMMA site: http://www.gammassl.co.uk/bs7799/history.html.
13. Hosten W.J., Edwards A.B., Bosman F., and Church J. Introduction to South African Law and Legal Theory (1995), Butterworths, Durban
14. Humphreys E.J., Moses R.H., and Plate A.E. Guide to BS 7799 Risk Assessment and Risk Management (1998), BSI, London
15. Improved ISO/IEC 17799 makes information assets even more secure; June 20, 2005. Retrieved April 10, 2006, from ©ISO: International Organization for Standardization site: http://www.iso.ch/iso/en/commcentre/pressreleases/archives/2005/Ref963.html.
16. ISO 27000 News; 2007. Retrieved August 15, 2007, from site: http://www.molemag.net/15.htm.
17. ISO/IEC 17799:2005. Information technology - security techniques - code of practice for information security management (2005, July 6). Retrieved April 19, 2006, from ©ISO: International Organization for Standardization site: http://www.iso.org/iso/en/prods-services/popstds/informationsecurity.html.
18. ISO/IEC 27002:2005 Information technology - security techniques - code of practice for information security management; April 10, 2007. Retrieved August 15, 2007, from ©ISO: International Organization for Standardization site: http://www.webstore.ansi.org/FindStandards.aspx?SearchString=27002&SearchOption=1&PageNum=0.
19. IT Governance Institute ™ (ITGI). Information Security Governance: Guidance for Boards of Directors and Executive Management (2001), Information Systems Audit and Control Foundation, United States of America
20. Kellaway E.A. Principles of Legal Interpretation - Statutes, Contracts & Wills (1995), Butterworth Publishers (Pty) Ltd, Durban
21. MSN Encarta - Dictionary; 2005. Retrieved May 23, 2006 from: http://encarta.msn.com/dictionary_1861625239/law.html.
22. Ogus A. Regulation: Legal Form and Economic Theory (1994), Claredon Press, Oxford
23. ®; n.d. Retrieved April 16, 2006 from CSO Online.com, The Resource for Security Executives site: http://www.csoonline.com/analyst/report3730.html.
24. ® 2003. Retrieved May 21, 2005 from CSOonline.com site: http://www.csoonline.com/analyst/report721.html.
25. ® Research: Security building blocks with ISO 17799. Presented at the Information Security Decisions Conference, New York; October 19-21, 2005. Retrieved May 3, 2006 from Security Search.com site: http://searchsecurity.techtarget.com/tip/1, 289483,sid14_gci1086284,00.html.
26. ® Research: Technology research and advice site: http://www.forrester.com/ER/Research/List/Analyst/Personal/0,830,00.html.
27. Schwartz M. Evaluating the New ISO 17799 Standard; September 6, 2005. Retrieved May 3, 2006, from ES: Enterprise Systems - Security site: http://www.esj.com/security/article.aspx?EditorialsID=1498.
28. In: Soanes C., and Stevenson A. (Eds). Concise Oxford English Dictionary. 11th ed. (2004), Oxford University Press, United States
29. Tarlton Law Library; 2000. Retrieved September 14, 2007 from The University of Texas - School of Law site: http://www.tarlton.law.utexas.edu/vlibrary/outlines/ukdelleg.html.
30. The History of ISO 17799 and BS 7799; n.d. Retrieved April 10, 2006 from: http://www.pc-history.org/17799.htm.
31. The ISO27k Standards; 2007. Retrieved August 15, 2007 from site: http://www.iso27001security.com/html/27002.html.