On the Issue of Information Security Risks Assessment of Business Processes

2018 ◽  
Author(s):  
Viktor M. Belov ◽  
Andrey I. Pestunov ◽  
Tamara M. Pestunova
Keyword(s):  
Information Security ◽  
Business Processes ◽  
Security Risks ◽  
Risks Assessment

scholarly journals Use of entropy approach for information security risks assessment

2016 ◽  
Vol 4 (2) ◽  
pp. 255-261
Author(s):  
Volodymyr Mokhor ◽  
Vasyl Tsurkan ◽  
Yaroslav Dorohyi ◽  
Serhii Mykhailov ◽  
Oleksandr Bakalynskyi ◽  
...  
Keyword(s):  
Information Security ◽  
Security Risks ◽  
Risks Assessment

scholarly journals A Web based Information Security Risks Assessment Model

2015 ◽  
Vol 4 (3) ◽  
pp. 396-404
Author(s):  
B. K. Alese ◽  
O. Oyebade ◽  
O. Iyare ◽  
Osuolale A. Festus ◽  
A. F. Thompson
Keyword(s):  
Information Security ◽  
Assessment Model ◽  
Security Risks ◽  
Web Based ◽  
Risks Assessment

Commissioning Development to Externals

2021 ◽  
Vol 11 (3) ◽  
pp. 30-40
Author(s):  
Yasir Gokce
Keyword(s):  
Risk Management ◽  
Information Security ◽  
Development Process ◽  
Business Processes ◽  
Holistic Approach ◽  
Development Project ◽  
Security Risks ◽  
Security Behavior ◽  
Business Functions

Bringing externals in the critical business processes and having them assume some or all of the responsibilities associated with the critical business functions comes with information security risks whose impact, if materialized, could be disastrous for business and therefore warrants a meticulous and holistic approach for managing those risks. Compounded with the engagement of externals in the development process, risks facing a development project require robust risk management by the outsourcing organization. The organization should be able influence the security behavior of those externals and induce them to comply with certain secure development principles and practices. Delving deep into those risks brought about by suppliers, this study aims at offering a methodology in addressing the risks associated with commissioning some or all components of a would-be-developed product to externals and shows how those risks can be mitigated by controlling the security behavior of suppliers through well-tailored contractual provisions.

Knowledge Transfer in Information Security Capacity Building for Community-Based Organizations

2015 ◽  
Vol 11 (4) ◽  
pp. 52-69 ◽  
Author(s):  
Janine L. Spears ◽  
Tonia San Nicolas-Rocca
Keyword(s):  
Service Learning ◽  
Information Security ◽  
Knowledge Transfer ◽  
Initial Study ◽  
Security Risk ◽  
Security Risks ◽  
Community Based ◽  
Services Sector ◽  
Community Based Organizations ◽  
Study Results

Community-based organizations (CBOs) in the health and human services sector handle very sensitive client information, such as psychiatric, HIV testing, criminal justice, and financial records. With annual revenue often in the range of $1 to $10 million, these organizations typically lack the financial, labor, and technical resources to identify and manage information security risks within their environment. Therefore, information security risk assessments were conducted at CBOs as part of a university service learning course intended to ultimately improve security within participating CBOs. Knowledge transfer between trainees and trainers is essential in order for security improvements to be realized. Therefore, this paper constructs a theoretical model of knowledge transfer that is used as a lens through which to examine initial study results of the CBO interventions as part of an exploratory study.

scholarly journals THE EXTANDING OF ECONOMIC-COST MODEL OF INFORMATION SECURITY RISKS MANAGMENT BY THE USE OF SOCIAL-PSYCHOLOGICAL TYPES OF INTRUDERS

2015 ◽  
Vol 17 (1) ◽  
Author(s):  
Олександр Євгенійович Архипов ◽  
Андрій Володимирович Скиба ◽  
Олена Іванівна Хоріна
Keyword(s):  
Information Security ◽  
Cost Model ◽  
Economic Cost ◽  
Social Psychological ◽  
Security Risks ◽  
Psychological Types

scholarly journals Analysis of Information Technology Security Management UKSW SIASAT Using ISO/IEC 27001:2013

2021 ◽  
Vol 5 (2) ◽  
pp. 68
Author(s):  
Andeka Rocky Tanaamah ◽  
Friska Juliana Indira
Keyword(s):  
Information Security ◽  
Business Processes ◽  
Security Management ◽  
Standard Operating Procedure ◽  
Job Descriptions ◽  
Christian University ◽  
Academic Administration ◽  
Access Rights ◽  
Academic Information ◽  
Iec 27001

IT security management is essential for organizations to notice the occurring risks and opportunities because they will profoundly affect the ongoing business processes within the organization. The Satya Wacana Academic Information System, more often called SIASAT, is an IT component playing an essential role in running core business processes at Satya Wacana Christian University under the control of the Information Systems and Technology Bureau. At this time, the implementation of SIASAT has been going well, but there are still some obstacles. Lack of human resources is one of the findings and one it becomes of the most significant risks as it affects the use of infrastructure and information security. This research was conducted using the international standard ISO/IEC 27001:2013, prioritizing information security by taking a planning clause focusing on risk assessment. From the results of this study, there were nine recommendations given. Some of which were the most important, i.e., creating separated standard operating procedure documents for SIASAT, which previously were still affiliated with the Academic Administration Bureau; distributing job descriptions; and providing clear and documented access rights for everyone. It is expected that this research can reduce the occurring risks and can be considered for establishing improvements to enhance academic services in the future.

Sign in / Sign up

Export Citation Format

Share Document