Corporate system security: towards an integrated management approach
This paper discusses an integrated security approach that engages multiple functional levels in an organization from the Board and management to IT staff and individual users. The discussion presents security issues at the policy setting level and important control implementations at the gateway interface, internal network, and corporate files. As this approach involves multiple layers, the security environment can be strengthened. This discussion can be used as a guideline for corporate security management, as the components for a security audit, and as an internal communication to enhance corporate security awareness. The comprehensive view presented in this discussion is beneficial to managers, auditors, controllers, and consultants who work on security issues.