n Journal of Contemporary Management - Information Security Service Management




This paper proposes Information Security Service Management (ISSM) as an improved alternative to the present-day approach to information security management in the organisation. It first discusses the roles of information security management and the end-users in developing and maintaining the state of information security in the organisation. The paper argues that one of the serious issues of information security management, namely the non-compliance exhibited by end-users, can actually be traced back to the bureaucratic nature of present-day information security management. To provide a way out, the paper formulates the CARE principles towards a more end-user centric approach. The paper also proposes ISSM that is based on the principles of current-day service management. The paper concludes with the major components of ISSM, and provides guidance for the implementation of ISSM in the organisation.


Article metrics loading...

This is a required field
Please enter a valid email address
Approval was a Success
Invalid data
An Error Occurred
Approval was partially successful, following selected items could not be processed due to error