A Security Framework for Audit and Manage Information System Security

Abstract

Auditing Information Systems Security is difficult and becomes crucial to ensure the daily operational activities of organizations as well as to promote competition and to create new business opportunities. A conceptual security framework to manage and audit Information System Security is proposed and discussed. The proposed framework is based on a conceptual model approach, based on the ISO/IEC_JCT1 standards, to assist organizations to better manage their In-formation Systems Security.