SCOPUS 정보 검색 플랫폼

Volumn 46, Issue 5, 2009, Pages 267-270

Information security management standards: Problems and solutions

b Copenhagen Business School ^* (Denmark)

Author keywords

Information security certification; Information security management; Information security management guidelines; Information security management standards; Information systems security

Indexed keywords

INFORMATION SECURITY CERTIFICATION; INFORMATION SECURITY MANAGEMENT; INFORMATION SECURITY MANAGEMENT GUIDELINES; INFORMATION SECURITY MANAGEMENT STANDARDS; INFORMATION SYSTEMS SECURITY;

COORDINATE MEASURING MACHINES; INDUSTRIAL MANAGEMENT; INFORMATION SYSTEMS; STANDARDS;

SECURITY OF DATA;

EID: 67651102640 PISSN: 03787206 EISSN: None Source Type: Journal
DOI: 10.1016/j.im.2008.12.007 Document Type: Article

Times cited : (250)

References (24)

1
- 33846027847
- Circuits of power in creating de jure standards: shaping an international information systems security standard
- Backhouse J., Hsu C., and Silva L. Circuits of power in creating de jure standards: shaping an international information systems security standard. MIS Quarterly 30 Special issue (2006) 413-438
- (2006) MIS Quarterly , vol.30 , Issue.SPEC. ISSUE , pp. 413-438
- Backhouse, J.¹ Hsu, C.² Silva, L.³

2
- 0013324190
- Risk analysis: an interpretative feasibility tool in justifying information systems security
- Baskerville R. Risk analysis: an interpretative feasibility tool in justifying information systems security. European Journal of Information Systems 1 2 (1991) 121-130
- (1991) European Journal of Information Systems , vol.1 , Issue.2 , pp. 121-130
- Baskerville, R.¹

3
- 0026398826
- Risk analysis as a source of professional knowledge
- Baskerville R. Risk analysis as a source of professional knowledge. Computers and Security 10 8 (1991) 749-764
- (1991) Computers and Security , vol.10 , Issue.8 , pp. 749-764
- Baskerville, R.¹

4
- 0027804413
- Information systems security design methods: implications for information systems development
- Baskerville R. Information systems security design methods: implications for information systems development. Computing Surveys 25 4 (1993) 375-414
- (1993) Computing Surveys , vol.25 , Issue.4 , pp. 375-414
- Baskerville, R.¹

5
- 67651114348
- 7799BS, Code of Practice for Information Security Management, Department of Trade and Industry, DISC PD003, British Standard Institute, London, UK 1995
- 7799BS, Code of Practice for Information Security Management, Department of Trade and Industry, DISC PD003, British Standard Institute, London, UK (1995).

6
- 67651085832
- BS7799-1, Code of Practice for Information Security Management, Department of Trade and Industry, 1999
- BS7799-1, Code of Practice for Information Security Management, Department of Trade and Industry, 1999.

7
- 67651092582
- BS ISO/IEC 17799:2000 (BS 7799-1:2000), Information Technology - Code of Practice for Information Security Management, British Standards Institute, 2000.
- BS ISO/IEC 17799:2000 (BS 7799-1:2000), Information Technology - Code of Practice for Information Security Management, British Standards Institute, 2000.

8
- 67651096331
- BS 7799-2:2002 Information security management systems - Specification with guidance for use, BSI, UK, 2002.
- BS 7799-2:2002 Information security management systems - Specification with guidance for use, BSI, UK, 2002.

9
- 67651090223
- Common Criteria, Common criteria for information technology security evaluation, 2006, http://www.commoncriteriaportal.org/public/consumer/index.php?menu=2.
- (2006) Common Criteria, Common criteria for information technology security evaluation

10
- 67651123428
- GASSP, Generally Accepted System Security Principles GASSP, Version 2.0, Information Systems Security, June, 8, no. 3, 1999
- GASSP, Generally Accepted System Security Principles (GASSP), Version 2.0, Information Systems Security, June, vol. 8, no. 3, 1999.

11
- 67651090224
- GAISP V3.0, 2003, http://www.issa.org/gaisp/_pdfs/v30.pdf.
- GAISP V3.0, 2003, http://www.issa.org/gaisp/_pdfs/v30.pdf.

12
- 67651125312
- GAISP
- GAISP, Detailed Principles Cookbook, 2003, http://www.issa.org/gaisp/_pdfs/v30.pdf.
- (2003) Detailed Principles Cookbook

13
- 33745620958
- System Security Engineering Capability Maturity Model
- UC Irvine, CA, USA
- R. Hefner, W. Monroe, System Security Engineering Capability Maturity Model, Conference on Software Process Improvement, UC Irvine, CA, USA, 1997.
- (1997) Conference on Software Process Improvement
- Hefner, R.¹ Monroe, W.²

14
- 0031166786
- Software quality and the capability model
- Herbsleb J., Zubrow D., Goldenson D., Hayes W., and Paulk M. Software quality and the capability model. Communications of the ACM 40 6 (1997) 30-40
- (1997) Communications of the ACM , vol.40 , Issue.6 , pp. 30-40
- Herbsleb, J.¹ Zubrow, D.² Goldenson, D.³ Hayes, W.⁴ Paulk, M.⁵

15
- 0011589973
- Security standards overview
- Hopkinson J. Security standards overview. Proceedings of the Second Annual International Systems Security Engineering Conference (2001)
- (2001) Proceedings of the Second Annual International Systems Security Engineering Conference
- Hopkinson, J.¹

16
- 67651085831
- Information Technology Security Evaluation Criteria (ITSEC), Harmonised Criteria of France, Germany, the Netherlands and the United Kingdom, 1990.
- Information Technology Security Evaluation Criteria (ITSEC), Harmonised Criteria of France, Germany, the Netherlands and the United Kingdom, 1990.

17
- 67651109261
- IT Baseline Protection Manual, BSI, Germany, 1996.
- IT Baseline Protection Manual, BSI, Germany, 1996.

18
- 67651101285
- Common criteria for IT security Evaluation - Update Report
- Cape Town, South Africa
- P. Overbeek, Common criteria for IT security Evaluation - Update Report, in: Proceedings of the IFIP TC11 Eleventh International Conference on Information Security, Cape Town, South Africa, 1995.
- (1995) Proceedings of the IFIP TC11 Eleventh International Conference on Information Security
- Overbeek, P.¹

19
- 0040964323
- Data processing - risk assessment
- Wofsey M. (Ed), John Wiley and Sons Ltd
- Saltmarsh T., and Browne P. Data processing - risk assessment. In: Wofsey M. (Ed). Advances in Computer Security Management vol. 2 (1983), John Wiley and Sons Ltd 93-116
- (1983) Advances in Computer Security Management , vol.2 , pp. 93-116
- Saltmarsh, T.¹ Browne, P.²

20
- 33747194078
- Information security standards focus on the existence of process not its content?
- Siponen M. Information security standards focus on the existence of process not its content?. Communications of the ACM 49 8 (2006) 97-100
- (2006) Communications of the ACM , vol.49 , Issue.8 , pp. 97-100
- Siponen, M.¹

21
- 36248967046
- Employees' adherence to information security policies: an empirical study
- Sandton, Gauteng, South Africa
- Siponen M., Pahnila S., and Mahmood A. Employees' adherence to information security policies: an empirical study. Proceedings of the IFIP SEC2007. Sandton, Gauteng, South Africa (2007)
- (2007) Proceedings of the IFIP SEC2007
- Siponen, M.¹ Pahnila, S.² Mahmood, A.³

22
- 67651092583
- and
- SSE-CMM, The Appraisal Method, v2.0 and v3.0, 1998, http://www.sse-cmm.org.
- (1998) The Appraisal Method

23
- 0000280419
- Effective IS security: an empirical study
- Straub D. Effective IS security: an empirical study. Information Systems Research 1 3 (1990) 255-276
- (1990) Information Systems Research , vol.1 , Issue.3 , pp. 255-276
- Straub, D.¹

24
- 0002699431
- Discovering and disciplining computer abuse in organizations: a field study
- Straub D., and Nance W. Discovering and disciplining computer abuse in organizations: a field study. MIS Quarterly 14 1 (1990) 45-60
- (1990) MIS Quarterly , vol.14 , Issue.1 , pp. 45-60
- Straub, D.¹ Nance, W.²

* 이 정보는 Elsevier사의 SCOPUS DB에서 KISTI가 분석하여 추출한 것입니다.