Information security evaluation : a holistic approach / Igli Tashi and Solange Ghernaouti-Helie.

Includes bibliographical references (pages 195-198) and index.

What is Information Security? -- Risk Management versus Security Management -- Information Security Assurance: an Assessment Model -- Evaluating the Organizational Dimension -- Evaluating the Functional Dimension -- Evaluating the Human Dimension -- Evaluating the Compliance Dimension -- Concluding Remarks -- Bibliography Index of Keywords and Concepts.

Information Security Evaluation: A Holistic Approach from a Business Perspective proposes a global and systemic multidimensional integrated approach to the holistic evaluation of the information security posture of an organization. The Information Security Assurance Assessment Model (ISAAM) presented in this book is based on, and integrates, a number of information security best practices, standards, methodologies and sources of research expertise, in order to provide a generic model that can be implemented in organizations of all kinds as part of their efforts towards better governing their information security. This approach will contribute to improving the identification of security requirements, measures and controls. At the same time, it provides a means of enhancing the recognition of evidence related to the assurance, quality and maturity levels of the organization{u2019}s security posture, thus driving improved security effectiveness and efficiency. The value added by this evaluation model is that it is easy to implement and operate and that through a coherent system of evaluation it addresses concrete needs in terms of reliance on an efficient and dynamic evaluation tool.