The Proceedings of the Conference on Information Systems Applied Research 2008: §1533
Thu, Nov 6, 1:30 - 1:55, Pueblo C     Paper (refereed)
Recommended Citation: Kluge, D and S E Sambasivam.  Formal Information Security Standards in German Medium Enterprises.  In The Proceedings of the Conference on Information Systems Applied Research 2008, v 1 (Phoenix): §1533. ISSN: 0000-0000.

Formal Information Security Standards in German Medium Enterprises

Refereed, 12 pages
David Kluge
Liverpool
Liverpool, UK

Samuel E. Sambasivam
Computer Science Department
Azusa Pacific University
Azusa, California, USA

During the last ten years, formal information security standards have gained importance. They can help achieve security of business information systems in several ways. One of them is the provision of comprehensive collections of evaluation criteria and security measures. Such collections can form the basis of a holistic security strategy, in that they can serve as the basis for security policies and auditing schemes. Large enterprises appear to have defined security strategies and written security policies as a matter of course, and in most cases it can be assumed that formal standards have been their origin. For firms in the medium-size sector, this is less often the case. This paper deals with the acceptance of formal standards among medium enterprises. We analyze their suitability with respect to company size and discuss typical challenges to their implementation.

Keywords: Information Security, Medium Enterprises, Formal Standards, ISO 27001, Suitability
