Positioning Information Security Roles, Processes and Interactions

  • Chapter
ISSE 2013 Securing Electronic Business Processes

Abstract

All information security professionals around the globe acknowledge that “everyone is responsible for information security” in a company. This trivial statement looks clever but hides core challenges: “Who is everyone? How does everyone contribute to or challenge information security?”

In our research project we examined in depth the roles, processes and interactions in corporate information security, creating a framework of clearly defined roles and their associated security obligations and responsibilities. 20 corporate roles are analyzed from a management and a security perspective; classical interactions between information security roles that leverage and turn down security are given in case studies. Furthermore, we generated structured task descriptions of the roles and open the road to the fulfillment of an information security consultant’s dream by creating job descriptions that include their security responsibilities!

We justified the necessity of defining roles by introducing the benefits of this approach:

  1. Avoiding unnecessary conflicts and internal politics by establishing a security organization that includes all employees’ duties.

  2. Increasing security level, efficiency and productivity by clearly assigning responsibilities.

  3. Achieving good information security governance by encouraging coordinated team effort and mutual control.

Illustrative corporate examples demonstrate the need to supplement traditional corporate information security governance frameworks with roles and responsibilities for all positions.




Copyright information

© 2013 Springer Fachmedien Wiesbaden

About this chapter

Cite this chapter

Papadopoulos, D., Hämmerli, B. (2013). Positioning Information Security Roles, Processes and Interactions. In: Reimer, H., Pohlmann, N., Schneider, W. (eds) ISSE 2013 Securing Electronic Business Processes. Springer Vieweg, Wiesbaden. https://doi.org/10.1007/978-3-658-03371-2_14

  • DOI: https://doi.org/10.1007/978-3-658-03371-2_14

  • Publisher Name: Springer Vieweg, Wiesbaden

  • Print ISBN: 978-3-658-03370-5

  • Online ISBN: 978-3-658-03371-2

  • eBook Packages: Computer Science, Computer Science (R0)
