Abstract

RASTOGI, R  and  VON SOLMS, R. Information security service management. JCMAN [online]. 2012, vol.9, n.1, pp.257-278. ISSN 1815-7440.

This paper proposes Information Security Service Management (ISSM) as an improved alternative to the present-day approach to information security management in the organisation. It first discusses the roles of information security management and the end-users in developing and maintaining the state of information security in the organisation. The paper argues that one of the serious issues of information security management, namely the non-compliance exhibited by end-users, can actually be traced back to the bureaucratic nature of present-day information security management. To provide a way out, the paper formulates the CARE principles towards a more end-user centric approach. The paper also proposes ISSM that is based on the principles of current-day service management. The paper concludes with the major components of ISSM, and provides guidance for the implementation of ISSM in the organisation.

Keywords : information security management; information security service branding; information security service culture; information security service management; information security service support; service management.

        · text in English     · English ( pdf )