scholarly journals Information Structure Framework for ISMS Planning and Certification: Malaysian Data

2018 ◽  
Vol 12 (2) ◽  
pp. 634
Author(s):  
Palaniappan Shamala ◽  
Muruga Chinniah ◽  
Cik Feresa Mohd Foozy ◽  
Chuah Chai Wen ◽  
Aida Mustapha ◽  
...  
Keyword(s):  
Information Security ◽  
Business Strategy ◽  
Information Structure ◽  
Measurement Model ◽  
Rasch Measurement ◽  
Information Security Management ◽  
Structure Framework ◽  
Information Security Management System ◽  
Information Assets ◽  
Structured Questionnaire

Information security are becoming an important aspect of organizations. Organisations also are progressively conscious of its important in their business strategy. The awareness make organisations are currently applying for information security management system (ISMS) to effectively manage their information assets. Therefore, this research aims to provide an Information Structure Framework for ISMS planning and certification. Then Likert structured questionnaire was distributed and the findings have been analyzed using Rasch Measurement Model (RMM). The results from this study, managed to develop Information Structure Framework for ISMS. The proposed framework consists of information structure focuses on providing the information outline which is structured in a way, in which the components are put together to form a meaningful structure which can be navigated at any time. The framework contributes to the field of ISMS and certification area. The framework provides an awareness on knowing beforehand what to do and to what extent they are already conquering the information needed for getting clear direction and to develop ISMS.

Identifying core control items of information security management and improvement strategies by applying fuzzy DEMATEL

2015 ◽  
Vol 23 (2) ◽  
pp. 161-177 ◽  
Author(s):  
Li-Hsing Ho ◽  
Ming-Tsai Hsu ◽  
Tieh-Min Yen
Keyword(s):  
Information Security ◽  
Security Policy ◽  
Security Management ◽  
Fuzzy Dematel ◽  
Information Security Management ◽  
Content Type ◽  
Cause And Effect ◽  
Information Security Management System ◽  
Security Control ◽  
Improvement Strategies

Purpose – The purpose of this paper is to analyze the cause-and-effect relationship and the mutually influential level among information security control items, as well as to provide organizations with a method for analyzing and making systematic decisions for improvement. Design/methodology/approach – This study utilized the Fuzzy DEMATEL to analyze cause-and-effect relationships and mutual influence of the 11 control items of the International Organization for Standardization (ISO) 27001 Information Security Management System (ISMS), which are discussed by seven experts in Taiwan to identify the core control items for developing the improvement strategies. Findings – The study has found that the three core control items of the ISMS are security policy (SC1), access control (SC7) and human resource security (SC4). This study provides organizations with a direction to develop improvement strategies and effectively manage the ISMS of the organization. Originality/value – The value of this study is for an organization to effectively dedicate resources to core control items, such that other control items are driven toward positive change by analyzing the cause-and-effect relation and the mutual influential level among information security control items, through a cause-and-effect matrix and a systematic diagram.

A pattern-based method for establishing a cloud-specific information security management system

2013 ◽  
Vol 18 (4) ◽  
pp. 343-395 ◽  
Author(s):  
Kristian Beckers ◽  
Isabelle Côté ◽  
Stephan Faßbender ◽  
Maritta Heisel ◽  
Stefan Hofbauer
Keyword(s):  
Information Security ◽  
Management System ◽  
Security Management ◽  
Specific Information ◽  
Information Security Management ◽  
Information Security Management System

scholarly journals Analisis Sistem Manajemen Keamanan Informasi Menggunakan ISO/IEC 27001 : 2013 Serta Rekomendasi Model Sistem Menggunakan Data Flow Diagram pada Direktorat Sistem Informasi Perguruan Tinggi

2016 ◽  
Vol 6 (1) ◽  
pp. 38
Author(s):  
Yuni Cintia Yuze ◽  
Yudi Priyadi ◽  
Candiwan .
Keyword(s):  
Information Security ◽  
Asset Management ◽  
Management System ◽  
Security Management ◽  
Maturity Level ◽  
Information Security Management ◽  
Capability Maturity ◽  
Information Security Management System ◽  
Level 3 ◽  
Iec 27001

The importance of information and the possible risk of disruption, therefore the universities need to designed and implemented of the information security.  One of the standards that can be used to analyze the level of information security in the organization is ISO/IEC 27001 : 2013 and this standard has been prepared to provide requirements for establishing, implementing, maintaining and continually improving an information security management system. The objective of this research is to measure the level of information security based on standard ISO/IEC 27001: 2013 and modeling systems for information security management. This research uses descriptive qualitative approach, data collection and validation techniques with tringulasi (interview, observation and documentation). Data was analyzed using gap analysis and to measure the level of maturity this research uses SSE-CMM (Systems Security Engineering Capability Maturity Model). Based on the research results, Maturity level clause Information Security Policy reaches level 1 (Performed-Informally), clause Asset Management reaches level 3 (Well-Defined), clause Access Control reaches level 3 (Well-Defined), clause Physical and Environmental Security reaches level 3 (Well-Defined), clause Operational Security reaches level 3 (Well-Defined), Communication Security clause reaches the level 2 (Planned and Tracked). Based on the results of maturity level discovery of some weakness in asset management in implementing the policy. Therefore, the modeling system using the flow map and CD / DFD focused on Asset Management System.

scholarly journals ANALYSIS OF ROUTER ATTACK WITH SECURITY INFORMATION AND EVENT MANAGEMENT AND IMPLICATIONS IN INFORMATION SECURITY INDEX

2019 ◽  
Vol 2 (1) ◽  
pp. 1-7
Author(s):  
CITRA ARFANUDIN ◽  
Bambang Sugiantoro ◽  
Yudi Prayudi
Keyword(s):  
Information Security ◽  
Forensic Analysis ◽  
Event Management ◽  
Information Security Management System ◽  
Security Information ◽  
Information Assets ◽  
Security Index ◽  
Syn Flooding ◽  
The Government ◽  
The Impact

Information security is a need to secure organizational information assets. The government as the regulator issues an Information Security Management System (ISMS) and Information Security Index (US) as a measure of information security in the agency of a region. Security Information and Event Management (SIEM) is a security technology to secure information assets. SIEM is expected to provide information on attacks that occur on the router network and increase the value of the Indeks KAMI of government agencies. However, the use of SIEM is still questionable whether it can recognize a router attack and its impact on the value of our index. This research simulates attacks on routers with 8 attacks namely Mac Flooding, ARP-Poisoning, CDP Flooding, DHCP Starvation, DHCP Rogue, SYN Flooding SSH Bruteforce and FTP Bruteforce. 8 types of attacks followed by digital forensic analysis using the OSCAR method to see the impact on routers and SIEM. Also measured is index KAMI before and after the SIEM to be able to measure the effect of SIEM installation on the value of index KAMI. It was found that the use of SIEM to conduct security monitoring proved successful in identifying attacks, but not all were recognized by SIEM. SIEM only recognizes DHCP Starvation, DHCP Rogue, SSH Bruteforce and FTP Bruteforce. Mac Flooding, ARP-Poisoning, CDP Flooding, SYN Flooding attacks are not recognized by SIEM because routers do not produce logs. Also obtained is the use of SIEM proven to increase our index from the aspect of technology

scholarly journals The effectiveness of the Centralized Use of Digital Technologies, Information Resources and Information Protection Tools in Government by the Example of the Republic of Tyva

2020 ◽  
Vol 23 (6) ◽  
pp. 99-114
Author(s):  
B. S. Dongak ◽  
A. S. Shatohin ◽  
R. V. Meshcheryakov
Keyword(s):  
Risk Management ◽  
Information Security ◽  
Management System ◽  
Economic Effect ◽  
Security Management ◽  
Information Resources ◽  
Information Protection ◽  
Information Security Management ◽  
Information Security Management System ◽  
Software And Hardware

Purpose of research. The purpose of this study is to assess the possibility of applying the methodology for centralized management of systems and information risks using the example of informatization of public departments of Republic of Tyva in order to optimize the cost of purchasing technical, software and hardware-software means of protecting information, as well as the payroll of maintenance technical personnel.Methods. One of the main research methods is the creation of an experimental model of the mechanism of a single information and computing network, combining various government departments located within the same administrative building, which allows working simultaneously with distributed or centralized applications, databases and other services, as well as centralized information risk management security. The next research method is the analysis and study of the principle of operation of information resources, information systems, databases, and the increase in the number of domain users if they are combined into a single data transfer network. The interaction and effectiveness of personnel, a specialized unit based on one government agency, ensuring the regular functioning of the network and the necessary level of information security for all government departments.Results. As a result, an economic effect is achieved by eliminating the acquisition of duplicate software and hardware information protection, increasing the efficiency of using unified information services, and creating a centralized structural unit that uses risk management tools and makes information security management decisions based on the principles of system analysis , structuring method and expert survey methods. The results of the study have been used in solving problems of improving the information security management system of the authorities of Republic of Tyva.Conclusion. We have developed the original information technology architecture of the information security management system and centralized use of information technologies for the government of Republic of Tyva. The distinctive features of the structure of software tools for the centralized approach are the multi-agent implementation of the control elements of the decision support system and the integration of various types of security management models into a single complex. 

Sign in / Sign up

Export Citation Format

Share Document