Abstract
Nowadays, information system security (ISS) is more than just a technical issue; it has become a business matter. To address it, disciplines such as ISS governance (ISS-Gov), ISS risk management (ISS-Risk) and ISS compliance (ISS-Compliance) have emerged; nevertheless, these domains have been addressed separately, which raises a problem of performance and efficiency. Hence the need for an integrated ISS approach. This paper proposes a new integrated approach to information security based on Governance, Risk management and Compliance (ISS-GRC).
Copyright information
© 2019 Springer Nature Switzerland AG
Cite this paper
Zaydi, M., Nassereddine, B. (2019). Toward a New Integrated Approach of Information Security Based on Governance, Risk and Compliance. In: Rocha, Á., Serrhini, M. (eds) Information Systems and Technologies to Support Learning. EMENA-ISTL 2018. Smart Innovation, Systems and Technologies, vol 111. Springer, Cham. https://doi.org/10.1007/978-3-030-03577-8_37
DOI: https://doi.org/10.1007/978-3-030-03577-8_37
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-03576-1
Online ISBN: 978-3-030-03577-8
eBook Packages: Intelligent Technologies and Robotics, Intelligent Technologies and Robotics (R0)