Are standards enough to guarantee information security? This paper explores how security managers can leverage national standards to gain senior management recognition for information security procedures. It introduces the risk data repository (RDR) computer model to manage organizational information security data and facilitate risk analysis studies. The RDR aims to assist security officers in maintaining a continuous record of the organizational information security scenario and facilitating system security development, business continuity planning, and standards conformance audits. This research contributes to establishing a more robust framework for information security management.
Published in Information Management & Computer Security, this paper directly addresses the journal's focus on information security practices and technologies. The introduction of the RDR computer model for managing organizational security data aligns with the journal's aim of providing practical solutions for enhancing information security. The cited references likely explore related topics in information security standards and risk analysis.