Information Security Governance

The increased dependency of organizations (companies, agencies, associations etc.) on information technology has entailed the growing importance of Information Security, making it a critical success factor. At the same time the complexity of Information Security has increased significantly over the last years and it has furthermore been subject to legal specifications like SOX and EUROSOX. In order to handle the raised demands of Information Security and conform to legal requirements, it is essential for organizations to move away from pure IT security (firewall, anti-virus, etc.) and introduce a solid Information Security Governance, which also emphasizes the responsibility of the board and top management. Central part of an Information Security Governance is the Information Security Management System (ISMS). This book describes the motivation and the necessary steps for the implementation of such an ISMS from a Governance point of view in order to contribute optimally to the success of an organization. Furthermore this book also highlights the significance of certification in the area of Information Security and presents possible achievements (ISO 27001, BSI IT-Grundschutz).