Open Access. Powered by Scholars. Published by Universities.®
Articles 1 - 1 of 1
Full-Text Articles in Entire DC Network
The Information Security Ownership Question In Iso/Iec 27001 – An Implementation, Lizzie Coles-Kemp, Richard E. Overill
The Information Security Ownership Question In Iso/Iec 27001 – An Implementation, Lizzie Coles-Kemp, Richard E. Overill
Australian Information Security Management Conference
The information security management standard ISO/IEC 27001 is built on the notion that information security is driven by risk assessment and risk treatment. Fundamental to the success of risk assessment and treatment is the decision making process that takes risk assessment output and assigns decisions to this output in terms of risk treatment actions. It is argued that the effectiveness of the management system lies in its ability to make effective, easytoimplement and measurable decisions. One of the key issues in decision making is ownership. In this paper two aspects of information security ownership are considered: ownership of the asset …