The security of information and the risks associated with its use, a model for its implementation
Related papers
Lecture Notes in Computer Science
Information System Security is characterized by an organized framework of meanings, perceptions, concepts, policies, procedures, techniques and measures that are required to protect the individual resources (assets) of an Information System, and the system as a whole, from every intentional or accidental threat. Effective security management of an Information System first requires a complete study based on the methodology of Information System Risk Analysis and Management, which, according to the International Organization for Standardization, follows three main stages: (a) identification and valuation of assets; (b) risk analysis, which includes the threat assessment and the vulnerability assessment of the Information System; and (c) risk management, which includes the selection of countermeasures, the determination of the security policy, and the preparation, implementation and monitoring of the security plan. The purpose of this paper is to propose effective guidelines that should apply to all organisations ("participants") in the new information society, and to argue for greater awareness and understanding of security issues and for the need to develop a "security policy".
A Maturity Level Framework for Measurement of Information Security Performance
International Journal of Computer Applications, 2016
Information is one of the most important assets of a company. As information technology develops very rapidly, the likelihood of information security incidents keeps increasing. This research was conducted to determine the level of information security in an organization and to give recommendations for improving information security management at the company. The research uses ISO 27001, covering every clause in the ISO 27001 checklist. The data sources for the study were a detailed questionnaire and interviews. The respondents were all 14 employees of the Office of the Bureau of Information Technology. The results show that the maturity level of information security in the Office of the Bureau of Information Technology is at level 2, and that the gap between the current maturity level and the expected maturity level is 2.79. The recommendations for improvement require an understanding of the company and coordination with the company's internal units.
Managing Information Security Risk
The Information Technology Laboratory (ITL) at the National Institute of Standards and Technology (NIST) promotes the U.S. economy and public welfare by providing technical leadership for the nation's measurement and standards infrastructure. ITL develops tests, test methods, reference data, proof of concept implementations, and technical analyses to advance the development and productive use of information technology. ITL's responsibilities include the development of management, administrative, technical, and physical standards and guidelines for the cost-effective security and privacy of other than national security-related information in federal information systems. The Special Publication 800-series reports on ITL's research, guidelines, and outreach efforts in information system security, and its collaborative activities with industry, government, and academic organizations.
Information Security Management: A Research Project
Issues in Informing Science and Information Technology, 2004
In an environment of growing information security threats, it is essential to raise the awareness and capabilities of business students entering the workforce so that they can mitigate threats to enterprise networks. Information security has emerged as the most critical component of any data network. This paper describes a research project jointly undertaken by the author and an undergraduate student in Information Systems to explore some of the technical aspects of information security over wired and wireless networks.
A Framework for Evaluation of Information Systems Security
2005
ABSTRACT Evaluating information systems security is a process that involves identifying, gathering, and analysing security functionality and assurance level against criteria. This can result in a measure of trust that indicates how well the system meets a particular security target. It is desirable that the trust one can have in a system is measurable and quantifiable throughout the system's life cycle. Generally this is referred to as Information Security Assurance.
Information Security Management
International Journal of Cyber Warfare and Terrorism, 2013
The authors present a case study conducted in a Portuguese military organization to answer the following research questions: (1) What are the most relevant dimensions and categories of information security controls applied in military organizations? (2) What are the main scenarios of information security incidents that are expected to occur? (3) What decision process is used for planning and selecting information security controls? The study reveals that: (1) information security within the military organization is built around physical and human attack vectors targeting the infrastructure that supports the flow of information in the organization; (2) the information security controls applied in the military organization are included in ISO/IEC 27001; (3) planning and selection of the applied information security controls are made by decision makers and information security specialists. It appears that specialists impose their planning options essentially seeking to ...
CONTECSI International Conference on Information Systems and Technology Management
The objective of this research was to build a computer application that improves the quality of information security in educational institutions, based on the ISO 27001 standard, and to propose policies, measures, procedures and controls for the use, statistics, control and safeguarding of the information security of the organization's systems. The research was developed with a quantitative, descriptive, non-experimental, cross-sectional approach: the properties of the variables are quantified and the variables are studied over a defined period in order to obtain an overview of the information security controls. The contribution is a computer application intended to prevent vulnerabilities and threats to the quality of the security system. It starts by identifying risks, threats or vulnerabilities in the quality of information security in an educational institution, caused by the various situations found in such institutions, and then proposes measures and controls to maintain the integrity, confidentiality and availability of the information. The software carries out an analysis of the quality of information security, which serves as the basis for establishing an ISMS in this educational institution, as well as in any organization that wants to establish measures for the security of its information.
A framework for information security evaluation
Information & Management, 1994
Information Security Management consists of various facets, such as Information Security Policy, Risk Analysis, Risk Management, Contingency Planning and Disaster Recovery; these are all interrelated in some way, which often causes uncertainty and confusion among top management. This paper proposes a model for Information Security Management, called the Information Security Management Model (ISM'), which puts all the various facets in context. The model consists of five different levels, defined on a security axis. ISM' introduces the idea of international security criteria or international security standards, the rationale being to enable information security evaluation according to internationally accepted criteria. Because internationally recognized and accepted information security standards and criteria are lacking, the model cannot be implemented in its entirety at this time. A restricted form is implemented, forming an information security evaluation tool that can be used with great success for information security management within an organization.
2019
The article outlines a concept for maintaining the required level of security of the assets of an information system in an organization (ISO) by making appropriate steering decisions that initiate the generation of security configurations. The authors propose and formulate models of the security subject and object, as well as a model of the information system in the organization, for controlling the current level of information security (information resources) and the current performance properties of the operational subsystems included in the ISO.