The International Institute for Science, Technology and Education (IISTE)
Abstract
Information security to date has been driven a lot of attention in business world. The cyber security standards play significant and crucial role in promoting feasible approaches to organizations while making comprehensive strategical planning. This paper aims at providing a systematic overview of information technology (IT) security management in organizations. Conducted a structured literature from academic database and industry whitepapers, we review a number of the critical issues and challenges facing the industry today and in the future. In line with the fundamental elements of information security, we propose an integrated framework to understand the current situation of IT security management. In particular, we focus on several critical fundamental functions of IT security management: Security and Risk Management, Security Operations, and Security Assessments and Testing. Then, we use the proposed framework as a lens to discuss and solve the security issues in bring your own device (BYOD) in organizations. Keywords: IT security, IT security framework, bring your own device DOI: 10.7176/EJBM/12-18-01 Publication date:June 30th 202
