scholarly journals Competitiveness of Regulatory Justice at Palestinian Universities when Practicing Information Security Standard (ISO/IEC 27002) in Light of Regulatory Symmetry: A Strategic Developmental Practical Proposal

2018 ◽  
Vol 11 (35) ◽  
pp. 3-36
Author(s):  
Nidal Al-Masri ◽  
◽  
Mhammed El.agha ◽  
Keyword(s):  
Information Security ◽  
Practical Proposal ◽  
Security Standard ◽  
Iec 27002 ◽  
Palestinian Universities

scholarly journals Comparative Analysis and Design of Cybersecurity Maturity Assessment Methodology Using NIST CSF, COBIT, ISO/IEC 27002 and PCI DSS

2020 ◽  
Vol 4 (4) ◽  
pp. 225
Author(s):  
Diah Sulistyowati ◽  
Fitri Handayani ◽  
Yohan Suryanto
Keyword(s):  
Information Security ◽  
Business Processes ◽  
Critical Infrastructure ◽  
Readiness Assessment ◽  
Analysis And Design ◽  
Pci Dss ◽  
Security Standard ◽  
The Government ◽  
Security Standards ◽  
Iec 27002

Data or Information security in today's digital era is crucial in every organization that needs to pay attention. Management of organizational information is one of the components in realizing Good Corporate Governance. The measure of an adequate level of protection is an indicator of the cybersecurity awareness aspects of an organization's business processes in the short, medium, and long term, especially in the field that deals with information and communication technology (ICT). To make this happen, it requires a security standard that is appropriate and follows its needs to help organizations know the maturity level of cybersecurity in protecting its information security. The ABC organization is one of the Government agencies that manage the critical infrastructure and Indonesian digital economies. The organization has currently implemented several international security standards through its planning, implementation, evaluation document, and ICT activities.  However, based on the national information security readiness assessment, information security management readiness results are still not optimal. In this study, an analysis of the NIST, ISO 27002, COBIT, and PCI DSS security standards has been carried out, which are ABC organizational security standards in managing ICT by assigned tasks and functions. Furthermore, the analysis result is used as materials for drafting a cybersecurity maturity framework through the four standard approaches that have become the basis for ICT management. The proposed concept of twenty-one integrated cybersecurity categories is expected to be a capital in measure ICT management performance in ABC organizations.

scholarly journals Analisis Tingkat Keamanan Aplikasi SIMAK Menggunakan Standard ISO/IEC 27002:2013 (Studi Kasus: UPTTIK Universitas Siliwangi)

2021 ◽  
Vol 6 (2) ◽  
Author(s):  
Iyos Rosidin Pajar
Keyword(s):  
Information Technology ◽  
Information Security ◽  
Data Security ◽  
Security Policies ◽  
Management Processes ◽  
Organizational Information ◽  
Iec 27002 ◽  
The University ◽  
Level 2 ◽  
Security Concern

The issue of data security seems to be one of the most intriguing topics to observe in the development of information technology in recent time/. The information technology related to the management processes, one of which is the SIMAK application at   the University of Siliwangi needs a higher security concern. This study aims to determine the level of security of the SIMAK application in which the researchers can provide recommendations to SIMAK managers. This could be the basis for the future improvements. Researchers used 4 domains from ISO / IEC 27002: 2013, namely domain 5, it contains information security policies. Domain 6, it contains organizational information security. Domain 9, it contains access control. Lastly, Domain 11, it contains physical and environmental security.  When they are specified from the four domains, 38 controls are obtained. Security, from the results of the questionnaire and weighting, the result of the 5 domains maturity value is= 1.49, the result of the domain 6 maturity value is= 1.52, while domain 9 maturity value is= 1.32 and domain 11 maturity value constitute to 1.97.  If it is averaged,  the Siliwangi University SIMAK application is at level 2 or repeatable.

Security of ICTs Supporting Healthcare Activities

2013 ◽  
pp. 208-228
Author(s):  
José Manuel Gaivéo
Keyword(s):  
Information Security ◽  
Information And Communication Technologies ◽  
International Security ◽  
Communication Technologies ◽  
Risk Classification ◽  
Organizational Information ◽  
Security Standard ◽  
Information And Communication ◽  
Information Assets ◽  
Level Of Risk

Healthcare activities and all that are related with it are conducted by people. This single fact has brought up many precautions about patients and about information related with their health. Using information and communication technologies to support this kind of information requires particular attention about what happens, namely about who can use it and for what it can be used. This chapter intends to identify the vulnerabilities that could be explored, using an international security standard to support a proactive attitude in face of potential threats that explore the identified vulnerabilities, damaging organizational information assets. Another intention is the establishment of a basis of references in information security to define a level of risk classification to build a referential to the potential that a given threat has to exploit the vulnerabilities of an asset, preventing damages to personal and organizational property, including information, and also activity continuity.

Mapping information security standard ISO 27002 to an ontological structure

2016 ◽  
Vol 24 (5) ◽  
pp. 452-473 ◽  
Author(s):  
Stefan Fenz ◽  
Stefanie Plieschnegger ◽  
Heidi Hobel
Keyword(s):  
Information Security ◽  
Formal Representation ◽  
Content Type ◽  
Security Standard ◽  
Compliance Checking ◽  
Baseline Knowledge ◽  
Standards And Guidelines ◽  
Security Compliance ◽  
Security Standards ◽  
Machine Readable

Purpose The purpose of this paper is to increase the degree of automation within information security compliance projects by introducing a formal representation of the ISO 27002 standard. As information is becoming more valuable and the current businesses face frequent attacks on their infrastructure, enterprises need support at protecting their information-based assets. Design/methodology/approach Information security standards and guidelines provide baseline knowledge for protecting corporate assets. However, the efforts to check whether the implemented measures of an organization adhere to the proposed standards and guidelines are still significantly high. Findings This paper shows how the process of compliance checking can be supported by using machine-readable ISO 27002 control descriptions in combination with a formal representation of the organization’s assets. Originality/value The authors created a formal representation of the ISO 27002 standard and showed how a security ontology can be used to increase the efficiency of the compliance checking process.

Sign in / Sign up

Export Citation Format

Share Document