Information security management - Best practice guidelines for managers

This paper presents "Information Security Management - Best Practice Guidelines for Managers" writen by TeleTrusT - IT Security Association Germany - Working Group on Information Security Management (ISM) and aims to make clear, that properly understood and integrated enterprise information security minimizes risks, increases transparency and improves sustainably the security of the companies. It saves costs and enables to realize cost saving potentials, that would not be recognized without the information security management. The main focus of this paper is to achieve management awareness and to deliver answers to the key questions for top management in matters of ISM,like: 1. What motivates the management to invest in comprehensive information security? 2. How much and what kind of specific information security needs a business? 3. How intact is my ISM organization today - Quick Check? 4. What is the path to "step by step to success" in ISM? 5. What are the added bene fits and hidden cost saving potentials opened up by a holistic information security management system (ISMS)? 6. How useful is software support in information security and IT risk management? 7. When and how comprehensive infonnation security management will be cost-effective (ROI)?.