Abstract
The academic literature offers many different frameworks and models of Information Security Governance (ISG). Considerable advancements have been made in identifying the components and principles of ISG. However, the current research has not identified the viability principles and components of ISG that ensure business continuity. This paper proposes a systemic model of ISG using the principles and systems of cybernetics as embodied in Stafford Beer’s Viable System Model (VSM). It also establishes a baseline of the current information security operations system by adopting and simulating the BS ISO/IEC 27035 and shows the results of the simulation. Adopting the proposed viable system model of information security governance helps organizations not only in ensuring the effectiveness of internal controls but also in ensuring business continuity.
References
Beer, S.: Brain of the Firm, 2nd edn. Wiley, Chichester (1981)
Beer, S.: The viable system model: its provenance, development, methodology and pathology. Journal of the Operational Research Society 35(1), 7–25 (1984), http://www.jstor.org/stable/2581927 (retrieved)
Beer, S.: The Heart of Enterprise. Classic Beer Series, p. 596. Wiley (1979)
Black, K.: Business Statistics: Contemporary Decision Making, p. 836. John Wiley & Sons (2009), http://books.google.com/books?id=KQ25WExx5usC&pgis=1 (retrieved)
BS ISO/IEC 27035, BSI Standards Publication Information technology — Security techniques — Information security incident management (2011)
Corporate Governance Task Force, Information security governance: a call to action. National Cyber Security Summit Task Force 1(3) (2004)
da Veiga, A., Eloff, J.: An information security governance framework. Information Systems Management 24(4), 361–372 (2007)
Entrust, Information Security Governance (ISG): An Essential Element of Corporate Governance (April 2004)
Gokhale, G.B.: Organisational Information Security: A Viable System Perspective. Information Security & Threats System 17799 (2002)
HP Laboratories (2012), Security Analytics: Risk Analysis for an Organisation’s Incident Management Process, http://www.hpl.hp.com/techreports/2012/HPL-2012-206.html (retrieved)
ITGI, Information security governance: guidance for boards of directors and executive management. Corporate Governance. Isaca (2006)
Lewis, G.: A cybernetic view of environmental management: The implications for business organizations. Business Strategy and the Environment 6, 264–275 (1997)
Ohki, E., Harada, Y., Kawaguchi, S., Shiozaki, T., Kagaya, T.: Information security governance framework. In: Proceedings of the First ACM Workshop on Information Security Governance - WISG 2009, vol. 1 (2009)
Posthumus, S., Von Solms, R.: A framework for the governance of information security. Computers & Security 23(8), 638–646 (2004)
Schwaninger, M.: Theories of viability: a comparison. Systems Research and Behavioral Science 347, 337–347 (2006)
Skyttner, L.: General systems theory: problems, perspectives, practice (2005)
Vinnakota, T.: Systems approach to Information Security Governance: An imperative need for sustainability of enterprises. In: 2011 Annual IEEE India Conference, pp. 1–8 (2011), doi:10.1109/INDCON.2011.6139620
Von Solms: Information Security – The Fourth Wave. Computers & Security 25(3), 165–168 (2006)
Von Solms, R., Von Solms, S.: Information security governance: A model based on the direct-control cycle. Computers & Security 25(6), 408–412 (2006)
Copyright information
© 2013 IFIP International Federation for Information Processing
About this paper
Cite this paper
Alqurashi, E., Wills, G., Gilbert, L. (2013). A Viable System Model for Information Security Governance: Establishing a Baseline of the Current Information Security Operations System. In: Janczewski, L.J., Wolfe, H.B., Shenoi, S. (eds) Security and Privacy Protection in Information Processing Systems. SEC 2013. IFIP Advances in Information and Communication Technology, vol 405. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-39218-4_19
DOI: https://doi.org/10.1007/978-3-642-39218-4_19
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-39217-7
Online ISBN: 978-3-642-39218-4
eBook Packages: Computer Science, Computer Science (R0)