scholarly journals Towards a General Information Security Management Assessment Framework to Compare Cyber-Security of Critical Infrastructure Organizations

2016 ◽  
pp. 127-141 ◽  
Author(s):  
Edward W. N. Bernroider ◽  
Sebastian Margiol ◽  
Alfred Taudes
Keyword(s):  
Information Security ◽  
Cyber Security ◽  
Critical Infrastructure ◽  
Security Management ◽  
General Information ◽  
Assessment Framework ◽  
Information Security Management

scholarly journals Advanced Approach to Information Security Management System Model for Industrial Control System

2014 ◽  
Vol 2014 ◽  
pp. 1-13 ◽  
Author(s):  
Sanghyun Park ◽  
Kyungho Lee
Keyword(s):  
Information Security ◽  
Management System ◽  
Security Management ◽  
General Information ◽  
Sensitive Information ◽  
New Paradigm ◽  
Industrial Control ◽  
Information Security Management ◽  
International Standard ◽  
Information Security Management System

Organizations make use of important information in day-to-day business. Protecting sensitive information is imperative and must be managed. Companies in many parts of the world protect sensitive information using the international standard known as the information security management system (ISMS). ISO 27000 series is the international standard ISMS used to protect confidentiality, integrity, and availability of sensitive information. While an ISMS based on ISO 27000 series has no particular flaws for general information systems, it is unfit to manage sensitive information for industrial control systems (ICSs) because the first priority of industrial control is safety of the system. Therefore, a new information security management system based on confidentiality, integrity, and availability as well as safety is required for ICSs. This new ISMS must be mutually exclusive of an ICS. This paper provides a new paradigm of ISMS for ICSs, which will be shown to be more suitable than the existing ISMS.

Re-Visiting Cyber Security Training in the COVID-19 Era

2021 ◽  
Vol 10 (2) ◽  
pp. 16-20
Author(s):  
Fabio DI FRANCO ◽  
Konstantinos PAPADATOS ◽  
Konstantinos RANTOS
Keyword(s):  
Information Security ◽  
Cyber Security ◽  
Security Management ◽  
The European Union ◽  
European Security ◽  
Information Security Management ◽  
Security Training ◽  
Travel Restrictions ◽  
On Line ◽  
Ict Security

Cyber security training, as many other aspects in our lives, has been adapted to address concerns related to travel restrictions and group gatherings resulting from the COVID-19 pandemic. In this context, ENISA, the European Union Agency for Cybersecurity, had to re-visit and significantly modify its already established course on Information Security Management and ICT security, which is provided under the auspices of the European Security and Defence College (ESDC). The program provides public employees the opportunity to gain the necessary knowledge and skills to assume an Information Security Management role. The restructured course was introduced to address the COVID-19 restrictions and has proven to be equally effective to the classroom-delivered course, if not more effective at some parts. This paper presents the main structure of the fully online training, its innovative elements, and the assessment results which prove that COVID-19 pandemic has triggered the introduction of innovative and successful on-line training scenarios.

Selected Aspects of Information Security Management in Entities Performing Medical Activity

2021 ◽  
Vol 1 (2) ◽  
pp. 30-37
Author(s):  
Dominika Lisiak-Felicka ◽  
Pawel Nowak ◽  
Maciej Szmit
Keyword(s):  
Information Security ◽  
Cyber Security ◽  
Security Management ◽  
Information Security Management ◽  
Medical Activity ◽  
General Data Protection Regulation ◽  
Information Security Management System ◽  
The Us ◽  
Information Security Training ◽  
Survey Interviews

The article is devoted to the issues related to an information security management in medical entities. The healthcare entities have been amongst the prime targets for hackers for several years. According to the IBM report “The 2016 X-Force Cyber Security Intelligence Index” in 2015 most of the attacks were carried out against these entities. The years 2016 and 2017 also witnessed spectacular cyberattacks, for example: medical records breach of 3.3 million people because of an unauthorized access to a server in the US, some WannaCry ransomware attacks on the UK hospitals, some MongoDB Database Leaks in the US or NotPetya ransomware attacks in the US hospitals. Entities performing medical activity are processing personal data concerning health that is classified as a “sensitive data” and needs a special protection. The article presents the results of the survey – interviews with IT managers (or designated persons) in entities performing medical activity in Lodz Voivodeship in Poland. The aim of the research was analysis and evaluation of information security management in these entities. The interviews had been performed between December, 2017 and January, 2018. As the results of the research, the ways of information security management were identified (in particular such aspects as: characteristics of the information security teams, information security management system auditing, risk management, information security incidents, budgets for information security, training and the General Data Protection Regulation implementation). The paper also describes the types of information that should be protected in healthcare entities and characteristic of surveyed entities that subordinate to the local government of Lodz Voivodeship in Poland.

scholarly journals Proposal for a Security Management in Cloud Computing for Health Care

2014 ◽  
Vol 2014 ◽  
pp. 1-7 ◽  
Author(s):  
Knut Haufe ◽  
Srdan Dzombeta ◽  
Knud Brandis
Keyword(s):  
Health Care ◽  
Cloud Computing ◽  
Information Security ◽  
Health Care Organizations ◽  
Security Management ◽  
General Information ◽  
Care Organization ◽  
Information Security Management ◽  
Systems Research ◽  
Information Security Management System

Cloud computing is actually one of the most popular themes of information systems research. Considering the nature of the processed information especially health care organizations need to assess and treat specific risks according to cloud computing in their information security management system. Therefore, in this paper we propose a framework that includes the most important security processes regarding cloud computing in the health care sector. Starting with a framework of general information security management processes derived from standards of the ISO 27000 family the most important information security processes for health care organizations using cloud computing will be identified considering the main risks regarding cloud computing and the type of information processed. The identified processes will help a health care organization using cloud computing to focus on the most important ISMS processes and establish and operate them at an appropriate level of maturity considering limited resources.

Sign in / Sign up

Export Citation Format

Share Document