INFORMATION SECURITY COMPLIANCE MANAGEMENT
Author(s): Haris Hamidović, Amina Buljubašić, Edina Šehić
Subject(s): Business Economy / Management, Information Architecture, Electronic information storage and retrieval, ICT Information and Communications Technologies, Socio-Economic Research
Published by: Internacionalna poslovno – informaciona akademija
Keywords: Information Security; Risk; Compliance; Enterprise Security Standard;
Summary/Abstract: Compliance is an important concept for information security managers to understand. Compliance means adhering to a rule or set of rules. In the case of information security, compliance refers to the rules with which people, systems, and processes are expected to comply - these are typically laws, regulations, policies, standards, guidance or specifications. Effective compliance management requires a disciplined, repeatable approach to enterprise security management that, among other things, should include development of baseline enterprise security standards - the identification of all the security categories and controls applicable to the organization. In this paper, we talk about the approach that, based on good industry practices, information security managers in Bosnia and Herzegovina can use to develop a baseline enterprise security standard for effective compliance management.
Journal: Zbornik radova Međunarodne naučne konferencije o digitalnoj ekonomiji DIEC
- Issue Year: 7/2024
- Issue No: 7
- Page Range: 23-32
- Page Count: 10
- Language: English