Skip to main content

Information Security Management – Best Practice Guidelines for Managers

  • Chapter
  • First Online:
ISSE 2012 Securing Electronic Business Processes


This paper presents “Information Security Management – Best Practice Guidelines for Managers” writen by TeleTrusT – IT Security Association Germany – Working Group on Information Security Management (ISM) and aims to make clear, that properly understood and integrated enterprise information security minimizes risks, increases transparency and improves sustainably the security of the companies. It saves costs and enables to realize cost saving potentials, that would not be recognized without the information security management. The main focus of this paper is to achieve management awareness and to deliver answers to the key questions for top management in matters of ISM, like:

  1. 1.

    What motivates the management to invest in comprehensive information security?

  2. 2.

    How much and what kind of specific information security needs a business?

  3. 3.

    How intact is my ISM orgaoisation today - Quick Check!

  4. 4.

    What is the path to “step by step to success” in ISM!

  5. 5.

    What are the added benefits and hidden cost saving potentials opened up by a holistic information security manageroent system (ISMS)!

  6. 6.

    How useful is software support in information security and IT risk management?

  7. 7.

    When and how comprehensive infonnation security management will be cost-effective (ROI)?

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. A.T. Kearney press release “Large companies ignore the risks posed by hackers and industrial spies”

    Google Scholar 

  2. The 2012 Global State of Information Security Survey® by PwC, CIO Magazine and CSO Magazine

    Google Scholar 

  3. Racz, Nicolas; Weippl, Edgar; Seufert, Andreas: A Frame of Reference for Research of Integrated Governance, Risk and Compliance (GRC). In: De Decker, Bart (Hrsg.); SchaumüllerBichl, Ingrid (Hrsg.): Communications and Multimedia Security Bd. 6109. Springer Berlin/ Heidelberg, 2010.

    Google Scholar 

  4. ISACA: COBIT Framework for IT Governance and Control.

  5. BITKOM; DIN: Kompass der IT-Sicherheitsstandards Leitfaden und Nachschlagewerk, 4. Auflage. August 2009

    Google Scholar 

  6. Müller, Klaus-Rainer: IT-Sicherheit mit System. 4. Auflage. Vieweg + Teubner, 2011.

    Google Scholar 

  7. Grünendahl, Ralf-T.; Steinbacher, Andreas F.; Will, Peter H. L.: COBIT und BSI als Leitschnur der IT-Sicherheit. In: Das IT-Gesetz: Compliance in der IT-Sicherheit. Vieweg + Teubner, 2009.

    Google Scholar 

  8. [8] Goltsche, Wolfgang: COBIT kompakt und verständlich. Vieweg, 2006.

    Google Scholar 

  9. Falk, Michael: Ableitung des Control-Frameworks für IT-Compliance. Gabler, 2012.

    Google Scholar 

  10. DIN ISO/IEC: Informationstechnik – IT-Sicherheitsverfahren – Informationssicherheits-Managementsysteme – Anforderungen DIN ISO/IEC 27001. – Entwurf Februar 2007.

    Google Scholar 

  11. Bundesamt für Sicherheit in der Informationstechnik: BSI-Standard 1001 Managementsysteme für Informationssicherheit Version 1.5., 2008.

    Google Scholar 

  12. Humphreys, Edward: Information Security Management System Standards. In: Datenschutz und Datensicherheit 1, 2011.

    Google Scholar 

  13. Kilian, Detlef: Einführung in Informationssicherheitsmanagementsysteme (I): Begriffsbestimmung und Standards. In: IT-Sicherheit & Datenschutz 10, 2006.

    Google Scholar 

  14. Kilian, Detlef: Einführung in Informationsmanagementsysteme (II): BSI-Standards und Vergleich. In: IT-Sicherheit & Datenschutz 1, 2007.

    Google Scholar 

  15. Kilian, Detlef: Einführung in Informationsmanagementsysteme (III): Praktische Umsetzung von Informationssicherheitsstandards. In: IT-Sicherheit & Datenschutz 3, 2007.

    Google Scholar 

  16. Benedikt Pirzer: Analysis and evaluation of the effectiveness and efficiency of Information Security Management Systems, Mai 2012,

  17. Rumpel, Rainer, Glanze, Richard: Verfahren zur Wirtschaftlichkeitsanalyse von IT-Sicherheitsinvestitionen,

  18. PONEMON INSTITUTE: The True Cost of Compliance Benchmark Study of Multinational Organizations. Version: Januar 2011.

Download references

Author information

Authors and Affiliations


Corresponding author

Correspondence to Werner Wüpper .

Editor information

Editors and Affiliations

Rights and permissions

Reprints and permissions

Copyright information

© 2012 Springer Fachmedien Wiesbaden

About this chapter

Cite this chapter

Wüpper, W., Windhorst, I. (2012). Information Security Management – Best Practice Guidelines for Managers. In: Reimer, H., Pohlmann, N., Schneider, W. (eds) ISSE 2012 Securing Electronic Business Processes. Springer Vieweg, Wiesbaden.

Download citation

  • DOI:

  • Published:

  • Publisher Name: Springer Vieweg, Wiesbaden

  • Print ISBN: 978-3-658-00332-6

  • Online ISBN: 978-3-658-00333-3

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics