Abstract:

Security is an important part of every enterprise. According to the AusCERT 2006, although enterprises do have common security countermeasures, they still suffer losses. These losses seem to occur because enterprises prefer to be reactive to security than take a proactive stance [23]. In this paper we assume that implementation of a new enterprise security governance strategy will be useful for organizations to adopt a proactive approach. The proposed security framework is developed from the literature and each part of the framework provides the opportunity to identify critical success factors. By using this framework the organizations are able to build a strong security base for their enterprise.