Development of a Risk-Based Information Security Standard for Adaption of Blockchain-Enabled Systems

Author(s): Abhishek Biswas, Avhishek Adhikary, Pushan Kumar Dutta, Arnab Chakroborty

2016, Vol 24 (5), pp. 452-473
Author(s): Stefan Fenz, Stefanie Plieschnegger, Heidi Hobel

Purpose: The purpose of this paper is to increase the degree of automation within information security compliance projects by introducing a formal representation of the ISO 27002 standard. As information is becoming more valuable and current businesses face frequent attacks on their infrastructure, enterprises need support in protecting their information-based assets.

Design/methodology/approach: Information security standards and guidelines provide baseline knowledge for protecting corporate assets. However, the effort required to check whether the implemented measures of an organization adhere to the proposed standards and guidelines is still significantly high.

Findings: This paper shows how the process of compliance checking can be supported by using machine-readable ISO 27002 control descriptions in combination with a formal representation of the organization’s assets.

Originality/value: The authors created a formal representation of the ISO 27002 standard and showed how a security ontology can be used to increase the efficiency of the compliance checking process.


2014, Vol 1 (1), pp. 46-58
Author(s): IGN Mantra

There is a need for an Information Security Management System standard (ISO 27001:2005) at Perbanas University in general, and ABFII Perbanas in particular needs IT governance for information security. ISO 27001:2005 is an information security standard that is widely used as an Information Security Management System (ISMS). The IT governance approach is the main interest within ISO 27001:2005 for Perbanas University.


2019, Vol 5 (2), pp. 97
Author(s): Pangky Februari, Fitria Fitria

The implementation of information and communication technology management has become a necessity in every educational institution, especially at SMKN 1 Pugung, Lampung. Hence, this research tries to measure the information security standard at SMKN 1 Pugung using ISO 27001. The method used is an operational audit, which relates to the economical and efficient use of resources as well as the targets aimed at. The result shows that the questionnaire analysis obtained an average value of 3.32 across the whole of ISO 27001, meaning that the information security standard has performed well and has written standard operating procedures. The evaluation results, which vary across the 11 clauses, are categorized into level 4 (managed and measurable), meaning that business processes are well monitored and measured. Therefore, it can be concluded that the information security system audit at SMKN 1 Pugung has confirmed it as good enough.


2015, pp. 192-212
Author(s): José Manuel Gaivéo

Healthcare activities, and everything related to them, are conducted by people. This single fact has raised many precautions about patients and about information related to their health. Using information and communication technologies to support this kind of information requires particular attention to what happens, namely who can use it and for what it can be used. This chapter intends to identify the vulnerabilities that could be exploited, using an international security standard to support a proactive attitude in the face of potential threats that exploit the identified vulnerabilities, damaging organizational information assets. Another intention is the establishment of a base of references in information security to define a level of risk classification, building a referential for the potential that a given threat has to exploit the vulnerabilities of an asset, preventing damage to personal and organizational property, including information, and to activity continuity.


2020, Vol 4 (4), pp. 225
Author(s): Diah Sulistyowati, Fitri Handayani, Yohan Suryanto

Data or information security in today's digital era is crucial, and every organization needs to pay attention to it. Management of organizational information is one of the components in realizing Good Corporate Governance. The measure of an adequate level of protection is an indicator of the cybersecurity awareness aspects of an organization's business processes in the short, medium, and long term, especially in the field that deals with information and communication technology (ICT). To make this happen, a security standard is required that is appropriate and follows the organization's needs, helping it know the maturity level of its cybersecurity in protecting its information. The ABC organization is one of the government agencies that manage critical infrastructure and the Indonesian digital economy. The organization has currently implemented several international security standards through its planning, implementation, evaluation documents, and ICT activities. However, based on the national information security readiness assessment, the information security management readiness results are still not optimal. In this study, an analysis of the NIST, ISO 27002, COBIT, and PCI DSS security standards has been carried out; these are the ABC organization's security standards for managing ICT according to its assigned tasks and functions. Furthermore, the analysis result is used as material for drafting a cybersecurity maturity framework through the four standard approaches that have become the basis for ICT management. The proposed concept of twenty-one integrated cybersecurity categories is expected to serve as a basis for measuring ICT management performance in the ABC organization.

