Information Security Evaluation：A Holistic Approach from a Business Perspective

Information systems have become a critical element of every organization’s structure. A malfunction of the information and communication technology (ICT) infrastructure can paralyze the whole organization and have disastrous consequences at many levels. On the other hand, modern businesses and organizations collaborate increasingly with companies, customers, and other stakeholders by technological means. This emphasizes the need for a reliable and secure ICT infrastructure for companies whose principal asset and added value is information.
Information Security Evaluation: A Holistic Approach from a Business Perspective proposes a global and systemic multidimensional integrated approach to the holistic evaluation of the information security posture of an organization. The Information Security Assurance Assessment Model (ISAAM) presented in this book is based on, and integrates, a number of information security best practices, standards, methodologies and sources of research expertise, in order to provide a generic model that can be implemented in organizations of all kinds as part of their efforts towards better governing their information security.
This approach will contribute to improving the identification of security requirements, measures and controls. At the same time, it provides a means of enhancing the recognition of evidence related to the assurance, quality and maturity levels of the organization’s security posture, thus driving improved security effectiveness and efficiency. The value added by this evaluation model is that it is easy to implement and operate and that through a coherent system of evaluation it addresses concrete needs in terms of reliance on an efficient and dynamic evaluation tool.

Igli Tashi holds a Ph.D. in Information Systems and a Master of Advanced Studies in Legal Issues, Crime and ICT Security, both from the University of Lausanne. He is an expert on information security and risk management issues and works currently as a Senior Auditor for PricewaterhouseCoopers SA in Switzerland.

Solange Ghernaouti-Hélie is a professor in the Faculty of Business and Economics at the University of Lausanne and well-known recognised international expert on cybersecurity and cybercrime-related issues. She has developed an interdisciplinary and integrative security approach for citizens, organisations and states, and she is author of more than twenty books on telecommunications and security issues.

What is Information Security?Risk Management versus Security ManagementInformation Security Assurance: an Assessment ModelEvaluating the Organizational DimensionEvaluating the Functional DimensionEvaluating the Human DimensionEvaluating the Compliance DimensionConcluding RemarksBibliography Index of Keywords and Concepts