Title: A Formalized Approach to the Effective Selection and Evaluation of Information Security Controls
Abstract

Electronic commerce holds many advantages for the commercial world, but before it can really take off, the associated information security problems need to be addressed satisfactorily. The identification, implementation and management of the most effective set of controls to provide an adequate level of security is the first step towards this goal. The second step is the possible evaluation and certification of the installed controls in an IT environment. The selection of security controls should be driven by the business needs and the associated security requirements. These security requirements should be clearly defined in the information security policy, and the security policy should dictate the set of controls that will provide the required protection. If this set of controls can be evaluated and certified as meeting the business needs of the organization, the trust that is required for electronic commerce can be provided. This paper provides a formalized approach towards identifying a set of controls that meets the business needs and also suggests a model by which this set can be evaluated and certified.
Year: 2000
DOI: 10.1016/S0167-4048(00)87829-3
Venue: Computers and Security

Keywords: security policy, electronic commerce, information security
Field: Security controls, Computer security, Computer science, Certified Information Security Manager, Information security, Security service, Cloud computing security, Security information and event management, Information security audit, Computer security model
DocType: Journal

Volume: 19
Issue: 2
ISSN: Computers & Security

Citations: 14
PageRank: 1.46
References: 3
Authors (2)

Name               | Order | Citations / PageRank (not separable in source)
Lynette Barnard    | 1     | 557.38
Rossouw Von Solms  | 2     | 102598.95