Positive and negative findings of the ISO/IEC 17799 framework

ACIS 2007 Proceedings - 18th Australasian Conference on Information Systems

Volumn , Issue , 2007, Pages 622-631

  Wiander, Timo ^a  

^a UNIVERSITY OF OULU   (Finland)

Author keywords

Information security management; ISO IEC 17799 standard

Indexed keywords

COMPETITIVE ADVANTAGE; EMPIRICAL EVIDENCE; END-PRODUCTS; INDIRECT EFFECTS; INFORMATION SECURITY MANAGEMENTS; INFORMATION SECURITY PRACTICE; ISO/IEC; SEMI STRUCTURED INTERVIEWS; TECHNICAL ASPECTS;

COMPETITION; INDUSTRIAL MANAGEMENT; INFORMATION SYSTEMS;

SECURITY OF DATA;

EID: 67650117172     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (35)

1. Baskerville, R. & Siponen, M.T. 2002, 'An Information Security Meta-policy for Emergent Organizations' Journal of Logistics Information Management, special issue on Information Security vol. 5-6, pp. 337-346.
2. Bishop, M. 2005, 'The insider problem revisited: The insider problem revisited' paper presented to workshop on New security paradigms NSPW '05.
3. Björk, F. 2006, Implementing Information Security Management Systems - An Empirical Study of Critical Success Factors, viewed 7.9.2006 http://www.dsv.su.se/~bjorck/files/bjorck-thesis.pdf#search=%22security%20scandinavian%20style%22.
4. Deloitte. 2005, Information security research, viewed 23.8.2006 http://www.deloitte.com/dtt/research/0,1015,sid=1013&cid=85452,00.html.
5. Dhillon, G. & Backhouse, J. 2000, 'Information system security management in the new millennium' Communications of the ACM vol. 43, issue 7, pp. 125-128.
6. Dhillon, G. & Backhouse, J. 2001, 'Current directions in IS security research: towards socio-organizational perspectives' Information Systems Journal vol. 11, issue 2, pp. 127-153.
7. DTI. 2005, The_Empirical_Economics_of_Standards viewed 27.11.2006 http://www.dti.gov.uk/files/file9655.pdf.
8. Eskola, J. & Suoranta, J. 2001, Johdatus laadulliseen tutkimukseen. (In Finnish). Vastapaino. Jyväskylä.
9. Eskola, J. & Vastamäki, J. 2001, Teemahaastattelu: opit ja opetukset. (In Finnish) In: Ikkunoita tutkimusmetodeihin I. Metodin valinta ja aineiston keruu: virikkeitä aloittelevalle tutkijalle. PS-kustannus. Gummerus kirjapaino Oy, Jyväskylä.
10. Ernst & Young. 2005, Global Information Security survey 2005 viewed 23.8.2006 http://int.sitestat.com/ernst-and-young/international/s?Global-Information-Security-survey-2005&ns_type=pdf.
11. Gerber, M. & von Solms, R. 2005, 'Management of risk in the information age' Computers & Security vol. 24, pp. 16-30.
12. Hirsjärvi, S. & Hurme, H. 2000, Tutkimushaastattelu. Teemahaastattelun teoria ja käytäntö. (In Finnish). Yliopistopaino. Helsinki.
13. Homeland. 2006, The Department of Homeland Security, USA viewed 24.8.2006 http://www.dhs.gov/dhspublic/
14. Im, G. P. & Baskerville, R. L. 2005, 'A longitudinal study of information system threat categories: the enduring problem of human error' ACM SIGMIS Database vol. 36, issue 4.
15. ISF. 2006, Information Security Forum viewed 22.6.2006 http://www.securityforum.org/html/frameset.htm.
16. ISFSTD. 2006, Information Security Forum. The Standard of Good Practice for Information Security viewed 25.8. http://www.isfsecuritystandard.com/index_ns.htm.
17. ISO/IEC 9000. 2000, ISO 9000-14000 standards viewed 16.9.2006 http://www.iso.org/iso/en/iso9000-14000/understand/selection_use/selection_use.html.
18. ISO/IEC 17799. 2005. ISO/IEC 17799:2005(E) International Organization for Standardization. Information Technology - Security Techniques - Code of Practice for Information Security Management. Geneva. ISO Copyright Office.
19. Klein, H. K & Myers, M. D. 1999, 'A set of principles for conducting and evaluating interpretive field studies in information systems' MIS Quarterly vol. 23, issue 1, pp. 67-88.
20. OECD. 2006. OECD Guidelines for the Security of Information Systems and Networks. [Web document.] Available: http://www.oecd.org/dataoecd/16/22/15582260.pdf. [Referenced 24.8.2006.]
21. O'Conor, M. 2005, 'The implications of Sarbanes-Oxley for non-US IT departments' Network Security vol. 2005, issue 7, pp. 17-20.
22. Pinder, P. 2006, 'Preparing Information Security for legal and regulatory compliance (Sarbanes-Oxley and Basel II)' Information Security Technical Report vol. 11, issue 1, pp. 32-38.
23. Relyea, H. C. 2004, 'Homeland security and information sharing: Federal policy considerations' Government Information Quarterly vol. 21, issue 4, pp. 420-438.
24. Schultz, E. E. 2004, 'Sarbanes-Oxley-a huge boon to information security' Computers & Security vol. 23, Issue 5, pp. 353-354.
25. Shephard, B. 2002, 'Information security-who cares?' Power System Management and Control Conference Publication No. 488, 17-19 April 2002, pp.124-129.
26. Siponen, M. T. 2005, 'Analysis of modern IS security development approaches: towards the next generation of social and adaptable ISS methods' Information and Organization vol. 15, issue 4, pp. 339-375.
27. Siponen, M.T. 2006, 'Information Security Standards Focus on the Existence of Process, Not Its Content?' Communications of the ACM vol. 49, issue 8, pp. 97-100.
28. von Solms, B. 2001, 'Information Security - A Multidimensional Discipline' Computers & Security vol. 20, pp. 504-508.
29. von Solms, B. 2005, 'Information Security governance: COBIT or ISO 17799 or both?' Computers & Security vol. 24, pp. 99-104.
30. von Solms, B. & von Solms R. 2004, 'The 10 deadly sins of information security management' Computers & Security vol. 23, issue 5, pp. 371-376.
31. von Solms, R. 1999, 'Information security management: why standards are important' vol. 7, issue 1, pp. 50-58.
32. Sutton, S. G. & Arnold V. 2005, 'The Sarbanes-Oxley Act and the changing role of the CIO and IT function' Int. J. Business Information Systems vol. 1, issues 1/2.
33. Theoharidou, M., Kokolakis, S., Karyda M. & Kiountouzis, E. 2005, 'The insider threat to information systems and the effectiveness of ISO17799' Computers & Security vol. 24, pp. 472-484.
34. Tong, C. K. S., Fung, K. H., Huang, H. Y. H. & Chan, K. K. 2003, 'Implementation of ISO17799 and BS7799 in picture archiving and communication system: local experience in implementation of BS7799 standard' International Congress Series.
35. Whitman, M. E. 2003, 'Enemy at the gate: threats to information security' Communications of the ACM vol. 46, Issue 8.