Ontology-based analysis of information security standards and capabilities for their harmonization

2010 ◽  
Author(s):  
Vladimir I. Vorobiev ◽  
Ludmila N. Fedorchenko ◽  
Vadim P. Zabolotsky ◽  
Alexander V. Lyubimov
Keyword(s):  
Information Security ◽  
Security Standards

scholarly journals USE OF ONTOLOGIES IN MAPPING OF INFORMATION SECURITY REQUIREMENTS / ONTOLOGIJOS NAUDOJIMAS INFORMACIJOS SAUGUMO REIKALAVIMAMS SUSIET

2013 ◽  
Vol 5 (2) ◽  
pp. 88-91
Author(s):  
Simona Ramanauskaitė ◽  
Eglė Radvilė ◽  
Dmitrij Olifer
Keyword(s):  
Information Security ◽  
Best Practices ◽  
Security Requirements ◽  
Security Standards

A large amount of different security documents, standards, guidelines and best practices requires to ensure mapping between different security requirements. As the result of mapping, security requirements of different standards can coincide or require to be amended or harmonised. This is the reason why it is so difficult to map more than two different security documents. Ontologies can be used to solve this issue. The article offers a review of different security documents and ontology types as well as investigates possible use of ontologies for mapping of security standards. Article in Lithuanian Santrauka Esant daugybei informacijos saugą reglamentuojančių dokumentų, gairių ir standartų, aktualu tarpusavyje susieti juose apibrėžtus saugumo reikalavimus. Skirtinguose saugos dokumentuose aprašyti saugumo reikalavimai gali ne tik sutapti arba papildyti vienas kitą, bet ir prieštarauti vienas kitam. Tai labai apsunkina daugiau negu dviejų informacijos saugą reglamentuojančių dokumentų susiejimą. Vienas būdų susieti daugiau negu du saugą reglamentuojančius dokumentus galėtų būti ontologijos naudojimas. Straipsnyje apžvelgiami šiuo metu pagrindiniai saugą reglamentuojantys standartai, egzistuojančios saugumo ontologijos, išnagrinėta galimybė naudoti ontologiją saugą reglamentuojančių dokumentų reikalavimams susieti ir galimybę tokį susiejimą atvaizduoti grafais.

Enterprise Information Security Policies, Standards, and Procedures

2012 ◽  
pp. 67-89
Author(s):  
Syed Irfan Nabi ◽  
Ghmlas Saleh Al-Ghmlas ◽  
Khaled Alghathbar
Keyword(s):  
Information Security ◽  
Security Policies ◽  
Mutual Relationship ◽  
Enterprise Information ◽  
Key Players ◽  
Different Types ◽  
Standards And Guidelines ◽  
Security Standards ◽  
National Information

This chapter explores enterprise information security policies, standards, and procedures. It examines the existing resources, analyses the available options, and offers recommendations to the CIOs and other people that have to make decisions about policies, standards, and procedures to ensure information security in their enterprise. Additionally, the need, requirements, and audience for different types of security documents are scrutinized. Their mutual relationship is examined, and the association among them is illustrated with a diagram supplemented by an example to bring about better comprehension of these documents. It is important to know the sources and organizations that make standards and guidelines. Therefore, the major ones are discussed. This research involved finding all of the relevant documents and analyzing the reasons for the ever-increasing number of newer ones and the revisions of the existing ones. Various well-known and established international, as well as national, information security standards and guidelines are listed to provide a pertinent collection from which to choose. The distinguishing factors and common attributes are researched to make it easier to classify these documents. Finally, the crux of the chapter involves recommending appropriate information security standards and guidelines based on the sector to which an organization belongs. An analysis of the role played by these standards and guidelines in the effectiveness of information security is also discussed, along with some caveats. It is important for practitioners and researchers to know what is available, who the key players are, and the potential issues with information security standards and guidelines; they are all concisely presented in this chapter.

Mapping information security standard ISO 27002 to an ontological structure

2016 ◽  
Vol 24 (5) ◽  
pp. 452-473 ◽  
Author(s):  
Stefan Fenz ◽  
Stefanie Plieschnegger ◽  
Heidi Hobel
Keyword(s):  
Information Security ◽  
Formal Representation ◽  
Content Type ◽  
Security Standard ◽  
Compliance Checking ◽  
Baseline Knowledge ◽  
Standards And Guidelines ◽  
Security Compliance ◽  
Security Standards ◽  
Machine Readable

Purpose The purpose of this paper is to increase the degree of automation within information security compliance projects by introducing a formal representation of the ISO 27002 standard. As information is becoming more valuable and the current businesses face frequent attacks on their infrastructure, enterprises need support at protecting their information-based assets. Design/methodology/approach Information security standards and guidelines provide baseline knowledge for protecting corporate assets. However, the efforts to check whether the implemented measures of an organization adhere to the proposed standards and guidelines are still significantly high. Findings This paper shows how the process of compliance checking can be supported by using machine-readable ISO 27002 control descriptions in combination with a formal representation of the organization’s assets. Originality/value The authors created a formal representation of the ISO 27002 standard and showed how a security ontology can be used to increase the efficiency of the compliance checking process.

scholarly journals A Framework for Information Security Management Based on Guiding Standards: A United States Perspective

10.28945/3188 ◽  
2008 ◽  
Author(s):  
Janice Sipior ◽  
Burke Ward
Keyword(s):  
Information Security ◽  
Personal Information ◽  
Security Policies ◽  
Global Competition ◽  
Operational Environment ◽  
Consumer Concerns ◽  
Strategic Approach ◽  
Process View ◽  
Security Standards ◽  
Audit Information

Despite government oversight, consumers continue to be concerned about the security of personal information used by corporations. Consumer concerns give rise to the necessity for corporations to manage information security. Navigating the multitude of existing security standards, including dedicated standards for information security and frameworks for controlling the implementation of information technology, presents a challenge to organizations. In response, we propose our ISM framework which considers global, national, organizational, and employee standards to guide ISM. We contend that a strategic approach to ISM will enable a focus on managing information as a key resource in global competition. This framework is intended to promote a cohesive approach which considers a process view of information within the context of the entire organizational operational environment. This framework can be used by international, national, and regional corporations to formulate, implement, enforce, and audit information security policies and practices.

Role of Cyber Security in Today's Scenario

2017 ◽  
pp. 177-191 ◽  
Author(s):  
Manju Khari ◽  
Gulshan Shrivastava ◽  
Sana Gupta ◽  
Rashmi Gupta
Keyword(s):  
Information Security ◽  
Computer Security ◽  
Cyber Security ◽  
Cyber Attacks ◽  
Cyber Attack ◽  
Individual Property ◽  
Security Breaches ◽  
Information Tools ◽  
History Of ◽  
Security Standards

Cyber Security is generally used as substitute with the terms Information Security and Computer Security. This work involves an introduction to the Cyber Security and history of Cyber Security is also discussed. This also includes Cyber Security that goes beyond the limits of the traditional information security to involve not only the security of information tools but also the other assets, involving the person's own confidential information. In computer security or information security, relation to the human is basically to relate their duty(s) in the security process. In Cyber security, the factor has an added dimension, referring humans as the targets for the cyber-attacks or even becoming the part of the cyber-attack unknowingly. This also involves the details about the cybercriminals and cyber risks going ahead with the classification of the Cybercrimes which is against individual, property, organisation and society. Impacts of security breaches are also discussed. Countermeasures for computer security are discussed along with the Cyber security standards, services, products, consultancy services, governance and strategies. Risk management with the security architecture has also been discussed. Other section involves the regulation and certification controls; recovery and continuity plans and Cyber security skills.

The Adoption of Information Security Management Standards

2009 ◽  
pp. 119-140 ◽  
Author(s):  
Yves Barlette ◽  
Vladislav V. Fomin
Keyword(s):  
Information Security ◽  
Literature Review ◽  
Success Factors ◽  
Security Management ◽  
Information Security Management ◽  
Diffusion Of Information ◽  
Management Standards ◽  
Business Market ◽  
Security Standards ◽  
Iec 27001

This chapter introduces major information security management methods and standards, and particularly ISO/IEC 27001 and 27002 standards. A literature review was conducted in order to understand the reasons for the low level of adoption of information security standards by companies, and to identify the drivers and the success factors in implementation of these standards. Based on the findings of the literature review, we provide recommendations on how to successfully implement and stimulate diffusion of information security standards in the dynamic business market environment, where companies vary in their size and organizational culture. The chapter concludes with an identification of future trends and areas for further research.

Role of Cyber Security in Today's Scenario

2018 ◽  
pp. 1-15 ◽  
Author(s):  
Manju Khari ◽  
Gulshan Shrivastava ◽  
Sana Gupta ◽  
Rashmi Gupta
Keyword(s):  
Information Security ◽  
Computer Security ◽  
Cyber Security ◽  
Cyber Attacks ◽  
Cyber Attack ◽  
Individual Property ◽  
Security Breaches ◽  
Information Tools ◽  
History Of ◽  
Security Standards

Cyber Security is generally used as substitute with the terms Information Security and Computer Security. This work involves an introduction to the Cyber Security and history of Cyber Security is also discussed. This also includes Cyber Security that goes beyond the limits of the traditional information security to involve not only the security of information tools but also the other assets, involving the person's own confidential information. In computer security or information security, relation to the human is basically to relate their duty(s) in the security process. In Cyber security, the factor has an added dimension, referring humans as the targets for the cyber-attacks or even becoming the part of the cyber-attack unknowingly. This also involves the details about the cybercriminals and cyber risks going ahead with the classification of the Cybercrimes which is against individual, property, organisation and society. Impacts of security breaches are also discussed. Countermeasures for computer security are discussed along with the Cyber security standards, services, products, consultancy services, governance and strategies. Risk management with the security architecture has also been discussed. Other section involves the regulation and certification controls; recovery and continuity plans and Cyber security skills.

Sign in / Sign up

Export Citation Format

Share Document