Skip to Main content Skip to Navigation
Conference papers

Information Security Governance: When Compliance Becomes More Important than Security

Abstract : Current security governance is often based on a centralized decision making model and still uses an ineffective 20th century risk management approach to security. This approach is relatively simple to manage since it needs almost no security governance below the top enterprise level where most decisions are made. However, while there is a role for more corporate governance, new regulations, and improved codes of best practice to address current weak organizational security practices, this may not be sufficient in the current dynamic security environment. Organizational information security must adapt to changing conditions by extending security governance to middle management as well as system/network administrators. Unfortunately the lack of clear business security objectives and strategies at the business unit level is likely to result in a compliance culture, where those responsible for implementing information security are more interested in complying with organizational standards and policies than improving security itself.
Document type :
Conference papers
Complete list of metadata

Cited literature [23 references]  Display  Hide  Download
Contributor : Hal Ifip Connect in order to contact the contributor
Submitted on : Thursday, August 7, 2014 - 11:43:20 AM
Last modification on : Monday, March 18, 2019 - 6:36:10 PM
Long-term archiving on: : Wednesday, November 26, 2014 - 1:31:13 AM


Files produced by the author(s)


Distributed under a Creative Commons Attribution 4.0 International License



Terence C. C. Tan, Anthonie B. Ruighaver, Atif Ahmad. Information Security Governance: When Compliance Becomes More Important than Security. 25th IFIP TC 11 International Information Security Conference (SEC) / Held as Part of World Computer Congress (WCC), Sep 2010, Brisbane, Australia. pp.55-67, ⟨10.1007/978-3-642-15257-3_6⟩. ⟨hal-01054503⟩



Record views


Files downloads