
Information Technology and Electrical Engineering School Seminar

Title: Security Governance and Security Culture
Speaker: Dr. A.B. Ruighaver, Organisational Information Security Group, University of Melbourne
Date: Wednesday 27 July
Time: 11:00 - 12:00
Venue: Building 15 - Rm 152

Abstract: The growing complexity of IT infrastructure, fuelled by the rapid uptake of new technologies such as wireless networks and mobile computing, has resulted in a deepening crisis in Information Security. Current standards used in Security Management, such as COBIT, ITIL and ISO 17799, are all derived from the old BS 17799-1 standard first published in 1995. Since then, not only has the use of Information Systems and Information and Communication Technology changed dramatically, organizational cultures have also changed. While the world has changed, our approach to securing our information and our systems has simply not been able to keep up.

For the past few years, the Organisational Information Security Group in the Department of Information Systems of the University of Melbourne has been investigating the management of information security in the context of what we believe are the three main problem areas in information security: Security Culture, Security Governance and Risk Assessment. We are currently looking for research collaboration to strengthen our research and are also looking for organizations interested in participating in the application of this research in a project called "Aligning information security with organizational culture".

In this presentation, I will concentrate on the research we performed in Security Governance and Security Culture. I will discuss how we extended a strategic context model borrowed from IT governance for use in Security Governance and show how this model highlights some of the major shortcomings in current security standards. To draw attention to some of the other issues in Security Governance, the second part of my presentation will discuss some of the strategic concerns identified in our investigations of the Security Culture of several organisations.

 

 

CRICOS Provider Number: 00100G
Last update: Eri Uchida - 28 June 2004