scholarly journals Advanced Approach to Information Security Management System Model for Industrial Control System

2014 ◽  
Vol 2014 ◽  
pp. 1-13 ◽  
Author(s):  
Sanghyun Park ◽  
Kyungho Lee
Keyword(s):  
Information Security ◽  
Management System ◽  
Security Management ◽  
General Information ◽  
Sensitive Information ◽  
New Paradigm ◽  
Industrial Control ◽  
Information Security Management ◽  
International Standard ◽  
Information Security Management System

Organizations make use of important information in day-to-day business. Protecting sensitive information is imperative and must be managed. Companies in many parts of the world protect sensitive information using the international standard known as the information security management system (ISMS). ISO 27000 series is the international standard ISMS used to protect confidentiality, integrity, and availability of sensitive information. While an ISMS based on ISO 27000 series has no particular flaws for general information systems, it is unfit to manage sensitive information for industrial control systems (ICSs) because the first priority of industrial control is safety of the system. Therefore, a new information security management system based on confidentiality, integrity, and availability as well as safety is required for ICSs. This new ISMS must be mutually exclusive of an ICS. This paper provides a new paradigm of ISMS for ICSs, which will be shown to be more suitable than the existing ISMS.

scholarly journals Considerations on the implementation steps for an information security management system

2018 ◽  
Vol 12 (1) ◽  
pp. 476-485
Author(s):  
Răzvan Cristian Ionescu ◽  
Ioana Ceaușu ◽  
Cristian Ilie
Keyword(s):  
Information Security ◽  
Management System ◽  
Organizational Context ◽  
Quality Management System ◽  
Security Management ◽  
Top Management ◽  
Sensitive Information ◽  
Information Security Management ◽  
Functional Quality ◽  
Information Security Management System

Abstract News about various information security attacks against companies appears almost every day. The sources of these attacks vary from cyber-criminals who want to steal companies’ data to demand a ransom, to current or former employees who want to create damage to the organization. The best way to defend organizational critical assets is to implement an Information Security Management System that secures all sensitive assets from confidentiality, availability and integrity perspective. An Information Security Management System offers top management a framework for sensitive information flow control. This framework includes with a risk assessment that considers the security threats and vulnerabilities of the company’s assets. Companies usually implement Information Security Management System only after they have a functional quality management system, which brings clarity and optimization to the company’s processes. Current approaches on creation and implementation of effective Information Security Management System are very theoretical and thus difficult to use in practice. The main objective of this paper is to present an Information Security Management System implementation method in the case of a small company by defining the basic steps in achieving a fully functional Information Security Management System. The proposed methodology considers the top management Information Security Management System objectives, organizational context, risks assessment and third parties expectations fulfillment.

ISO 27000 Information Security Management System

2010 ◽  
pp. 28-40
Author(s):  
Carrison K.S. Tong ◽  
Eric T.T. Wong
Keyword(s):  
Information Security ◽  
Management System ◽  
Security Management ◽  
Healthcare Organization ◽  
Information Security Management ◽  
International Standard ◽  
Information Security Management System

The protection of information for a healthcare organization, in any form, while in storage, processing, or transport, from being available to any organization or person that is neither authorized by its owner to have it nor for patient caring, is the objective of information security management in healthcare. There are many standards on information security management. The international standard for information security management is ISO 27000. The objective of this chapter is to provide an introduction of ISO 27000 and its application in PACS.

A pattern-based method for establishing a cloud-specific information security management system

2013 ◽  
Vol 18 (4) ◽  
pp. 343-395 ◽  
Author(s):  
Kristian Beckers ◽  
Isabelle Côté ◽  
Stephan Faßbender ◽  
Maritta Heisel ◽  
Stefan Hofbauer
Keyword(s):  
Information Security ◽  
Management System ◽  
Security Management ◽  
Specific Information ◽  
Information Security Management ◽  
Information Security Management System

scholarly journals Analisis Sistem Manajemen Keamanan Informasi Menggunakan ISO/IEC 27001 : 2013 Serta Rekomendasi Model Sistem Menggunakan Data Flow Diagram pada Direktorat Sistem Informasi Perguruan Tinggi

2016 ◽  
Vol 6 (1) ◽  
pp. 38
Author(s):  
Yuni Cintia Yuze ◽  
Yudi Priyadi ◽  
Candiwan .
Keyword(s):  
Information Security ◽  
Asset Management ◽  
Management System ◽  
Security Management ◽  
Maturity Level ◽  
Information Security Management ◽  
Capability Maturity ◽  
Information Security Management System ◽  
Level 3 ◽  
Iec 27001

The importance of information and the possible risk of disruption, therefore the universities need to designed and implemented of the information security.  One of the standards that can be used to analyze the level of information security in the organization is ISO/IEC 27001 : 2013 and this standard has been prepared to provide requirements for establishing, implementing, maintaining and continually improving an information security management system. The objective of this research is to measure the level of information security based on standard ISO/IEC 27001: 2013 and modeling systems for information security management. This research uses descriptive qualitative approach, data collection and validation techniques with tringulasi (interview, observation and documentation). Data was analyzed using gap analysis and to measure the level of maturity this research uses SSE-CMM (Systems Security Engineering Capability Maturity Model). Based on the research results, Maturity level clause Information Security Policy reaches level 1 (Performed-Informally), clause Asset Management reaches level 3 (Well-Defined), clause Access Control reaches level 3 (Well-Defined), clause Physical and Environmental Security reaches level 3 (Well-Defined), clause Operational Security reaches level 3 (Well-Defined), Communication Security clause reaches the level 2 (Planned and Tracked). Based on the results of maturity level discovery of some weakness in asset management in implementing the policy. Therefore, the modeling system using the flow map and CD / DFD focused on Asset Management System.

scholarly journals The effectiveness of the Centralized Use of Digital Technologies, Information Resources and Information Protection Tools in Government by the Example of the Republic of Tyva

2020 ◽  
Vol 23 (6) ◽  
pp. 99-114
Author(s):  
B. S. Dongak ◽  
A. S. Shatohin ◽  
R. V. Meshcheryakov
Keyword(s):  
Risk Management ◽  
Information Security ◽  
Management System ◽  
Economic Effect ◽  
Security Management ◽  
Information Resources ◽  
Information Protection ◽  
Information Security Management ◽  
Information Security Management System ◽  
Software And Hardware

Purpose of research. The purpose of this study is to assess the possibility of applying the methodology for centralized management of systems and information risks using the example of informatization of public departments of Republic of Tyva in order to optimize the cost of purchasing technical, software and hardware-software means of protecting information, as well as the payroll of maintenance technical personnel.Methods. One of the main research methods is the creation of an experimental model of the mechanism of a single information and computing network, combining various government departments located within the same administrative building, which allows working simultaneously with distributed or centralized applications, databases and other services, as well as centralized information risk management security. The next research method is the analysis and study of the principle of operation of information resources, information systems, databases, and the increase in the number of domain users if they are combined into a single data transfer network. The interaction and effectiveness of personnel, a specialized unit based on one government agency, ensuring the regular functioning of the network and the necessary level of information security for all government departments.Results. As a result, an economic effect is achieved by eliminating the acquisition of duplicate software and hardware information protection, increasing the efficiency of using unified information services, and creating a centralized structural unit that uses risk management tools and makes information security management decisions based on the principles of system analysis , structuring method and expert survey methods. The results of the study have been used in solving problems of improving the information security management system of the authorities of Republic of Tyva.Conclusion. We have developed the original information technology architecture of the information security management system and centralized use of information technologies for the government of Republic of Tyva. The distinctive features of the structure of software tools for the centralized approach are the multi-agent implementation of the control elements of the decision support system and the integration of various types of security management models into a single complex. 

Sign in / Sign up

Export Citation Format

Share Document