Policy revision in health enterprise information security: P3WG final report

2003
Author(s):
Kristen Sostrom
Jeff R. Collmann

2018
Vol 18 (3)
pp. 333-338
Author(s):
E. A. Vitenburg
A. A. Levtsova

Introduction. The quality of production processes depends largely on the management infrastructure, and in particular on the effectiveness of the information system (IS). Company management pays increasingly close attention to protecting this sphere, and financial, material and other resources are regularly allocated to its support. This paper considers several issues in the development of a secure enterprise information system.

Materials and Methods. Protection of the enterprise IS takes into account specific aspects of the protected object and the immediate threats to IT security. Within this study, an IS is treated as a complex of data resources. A dedicated analysis yields the following categories of threats to enterprise information security: hacking; leakage; distortion; loss; blocking; abuse. The relationships between these threats, the IS components and the elements of the protection system are identified. The requirements of the normative legal acts of the Russian Federation and of the international standards regulating this sphere are considered, and it is shown how the results of the analysis allow the selection of the elements of the IS protection system to be justified.

Research Results. A comparative analysis of the regulatory literature on this subject highlights the following: different documents prescribe different sets of elements (subsystems) for the enterprise IS protection system. When developing an IS protection program, one should be guided by FSTEC Order No. 239 and by NIST SP 800-82 Revision 2 (Guide to Industrial Control Systems Security).

Discussion and Conclusions. The presented results form the basis for a software package providing intelligent decision support when designing an enterprise information security system. In particular, they make it possible to develop flexible systems whose set of components (subsystems) can be extended.


Author(s):  
Rafal Leszczyna ◽  
Elyoenai Egozcue

In 2011, the European Network and Information Security Agency (ENISA) conducted a study in the domain of Industrial Control Systems (ICS). Its objective was to obtain the current view on the ICS protection primarily in Europe but also in the international context. The ‘portrait’ included threats, risks, and challenges in the area of ICS protection as well as national, pan European, and international initiatives on ICS security. The study was performed through desktop research, survey and interviews, and a meeting with all involved stakeholders. This chapter highlights the most relevant parts of the final report of the study. It focuses on the challenges to securing ICS identified during the research, but also presents the context and the methodology of the study. In response to the challenges, the seven recommendations of ENISA for protecting ICS are proposed.


Author(s):  
Syed Irfan Nabi ◽  
Ghmlas Saleh Al-Ghmlas ◽  
Khaled Alghathbar

This chapter explores enterprise information security policies, standards, and procedures. It examines the existing resources, analyses the available options, and offers recommendations to CIOs and others who must make decisions about the policies, standards, and procedures that ensure information security in their enterprise. The need for, requirements of, and audience for the different types of security documents are also examined. Their mutual relationship is illustrated with a diagram and a worked example to aid comprehension of these documents. Because it is important to know which organizations issue standards and guidelines, the major ones are discussed. The research involved collecting the relevant documents and analysing the reasons for the ever-increasing number of new ones and for the revisions of existing ones. Well-known and established international and national information security standards and guidelines are listed to provide a pertinent collection from which to choose, and their distinguishing factors and common attributes are identified to make classifying them easier. Finally, the crux of the chapter is a recommendation of appropriate information security standards and guidelines based on the sector to which an organization belongs, together with an analysis of the role these standards and guidelines play in the effectiveness of information security, and some caveats. Practitioners and researchers need to know what is available, who the key players are, and the potential issues with information security standards and guidelines; all of these are presented concisely in this chapter.

