ScienceDirect® Home Skip Main Navigation Links
You have guest access to ScienceDirect. Find out more.
 
Home
Browse
My Settings
Alerts
Help
 Quick Search
 Search tips (Opens new window)
    Clear all fields    
Computers & Security
Volume 25, Issue 7, October 2006, Pages 494-497
 
Font Size: Decrease Font Size  Increase Font Size
 Abstract - selected
Article
Purchase PDF (133 K)

  E-mail Article   
  Add to my Quick Links   
Bookmark and share in 2collab (opens in new window)
Request permission to reuse this article
  Cited By in Scopus (0)
 
 
 
Related Articles in ScienceDirect
View More Related Articles
 
View Record in Scopus
 
doi:10.1016/j.cose.2006.08.013    How to Cite or Link Using DOI (Opens New Window)
Copyright © 2006 Elsevier Ltd All rights reserved.

Information security governance: Due care

Rossouw von Solmsa, Corresponding Author Contact Information, E-mail The Corresponding Author and S.H. (Basie) von Solmsb, E-mail The Corresponding Author

aCentre for Information Security Studies, Nelson Mandela Metropolitan University, South Africa bAcademy for Information Technology, University of Johannesburg, South Africa

Received 29 June 2006; 
revised 29 August 2006; 
accepted 29 August 2006. 
Available online 6 October 2006.

Purchase the full-text article



References and further reading may be available for this article. To view references and further reading you must purchase this article.

Abstract

Most modern corporate governance guidelines, and also some country laws, make the Board and specifically the CEO responsible for the well-being of the organization. These parties must ensure that critical company assets are identified and that these assets are protected against possible risks that may negatively influence the organization. Information can certainly be regarded as a critical business asset in most organizations today. Therefore, due care needs to be applied in the protection of information resources. Failure to do so can lead to a legal charge of negligence. As best practices can be argued as a very effective approach to apply due care, this paper proposes a self-evaluation exercise (based on best practices) for boards of companies to be used to determine whether due care has indeed been applied.

Keywords: Governance; Corporate governance; Information security governance; Due care; Negligence; Best practices

Article Outline

1. Introduction
2. Corporate governance guidelines
3. Due care, negligence and best practices
4. Due care self-evaluation exercise
5. Conclusion
References
Vitae

Computers & Security
Volume 25, Issue 7, October 2006, Pages 494-497
 
Home
Browse
My Settings
Alerts
Help
Elsevier.com (Opens new window)
About ScienceDirect  |  Contact Us  |  Information for Advertisers  |  Terms & Conditions  |  Privacy Policy
Copyright © 2008 Elsevier B.V. All rights reserved. ScienceDirect® is a registered trademark of Elsevier B.V.