
Toward a New Integrated Approach of Information Security Based on Governance, Risk and Compliance

Conference paper, published in: Information Systems and Technologies to Support Learning (EMENA-ISTL 2018)

Abstract

Nowadays, information system security (ISS) is more than just a technical issue; it has become a business matter. To deal with it, disciplines such as ISS governance (ISS-Gov), ISS risk management (ISS-Risk) and ISS compliance (ISS-Compliance) have emerged. Nevertheless, these domains have been addressed separately, which raises a problem of performance and efficiency. Hence the necessity of an integrated ISS approach. This paper proposes a new integrated approach to information security based on Governance, Risk management and Compliance (ISS-GRC).



Author information

Corresponding author: Mounia Zaydi

Copyright information

© 2019 Springer Nature Switzerland AG

Cite this paper

Zaydi, M., Nassereddine, B. (2019). Toward a New Integrated Approach of Information Security Based on Governance, Risk and Compliance. In: Rocha, Á., Serrhini, M. (eds) Information Systems and Technologies to Support Learning. EMENA-ISTL 2018. Smart Innovation, Systems and Technologies, vol 111. Springer, Cham. https://doi.org/10.1007/978-3-030-03577-8_37
