Alignment of information security with business areas - Contribution of NBR ISO/IEC 27002:2013

Proceedings of the 11th CONTECSI International Conference on Information Systems and Technology Management, 2014

Abstract

This study aimed to identify the controls of NBR ISO/IEC 27002:2013 that guide the participation of the business areas in the information security process. Aligning information security with the business areas is a topic in constant demand within organizations, and in this context the question arose: does the standard make explicit security controls that govern the participation of business areas? The ISO/IEC 27002:2013 standard was taken as the basis for this research because it is the main normative document on organizational information security. A survey was conducted to identify the controls that require, directly or indirectly, the participation of business areas. As a result, a set of 28 (twenty-eight) controls, out of the 114 (one hundred and fourteen) that make up this standard, was identified as requiring the participation of the business areas and therefore allowing the alignment of the information security process with the business objectives of the organization. It follows that NBR ISO/IEC 27002:2013 contributes to the alignment of information security management with the business areas.

Full Paper PDF: http://www.contecsi.fea.usp.br/envio/11contecsi-files/papers/714/submission/director/714-2441-1-DR.pdf
