Abstract
Managing information security is a challenge. Traditional checklist approaches to meeting standards may well provide compliance, but do not guarantee to provide security assurance. The same might be said for audit. The complexity of IT relationships must be acknowledged and explicitly managed by recognising the implications of the self-interest of each party involved. We show how tensions between these parties can lead to a misalignment of the goals of security and what needs to be done to ensure this does not happen.
Original language | English |
---|---|
Title of host publication | Proceedings of the 7th International Conference on Security of Information and Networks |
Place of Publication | New York |
Publisher | ACM |
Pages | 77-84 |
Number of pages | 8 |
ISBN (Print) | 9781450330336 |
Publication status | Published - 11 Sep 2014 |
Event | The 7th International Conference on Security of Information and Networks - Western Infirmary Lecture Theatre, Glasgow University, Glasgow, United Kingdom. Duration: 9 Sep 2014 → 11 Sep 2014. http://www.sinconf.org/sin2014/ |
Conference
Conference | The 7th International Conference on Security of Information and Networks |
---|---|
Abbreviated title | SIN 2014 |
Country/Territory | United Kingdom |
City | Glasgow |
Period | 9/09/14 → 11/09/14 |
Keywords
- standards
- assurance
- audit
- security
- compliance
- checklists