Model-based Framework for Change Management and Integrated Development of Information Security

2018 ◽  
Vol 5 (3) ◽  
pp. 586-597
Author(s):  
Anna Medve

This paper introduces a business process-based, goal-oriented framework consisting of generic and specific model repositories and a methodology for integrated change management of business and IT evolutions. Sets of generic models of the ISO/IEC 27001 and 27002 information security standards support developers and decision makers in the model-driven engineering (MDE) process. The techniques and tools used come from User Requirements Notation (URN) technologies for model composition and for traceability assessment of goal-oriented and scenario-based models. An example is given of instantiating the framework for B2B change management, with empirical validation in a commercial SME. The framework supports the MDE process of enterprise architecture re-engineering while integrating the development of information security.

2013 ◽  
Vol 3 (3) ◽  
pp. 32-48
Author(s):  
José Martins ◽  
Henrique dos Santos ◽  
António Rosinha ◽  
Agostinho Valente

The authors present a case study conducted in a Portuguese military organization to answer the following research questions: (1) What are the most relevant dimensions and categories of information security controls applied in military organizations? (2) What are the main scenarios of information security incidents expected to occur? (3) What decision process is used for planning and selecting information security controls? The study reveals that: (1) information security within the military organization is built around physical and human attack vectors targeting the infrastructure that supports the flow of information in the organization; (2) the information security controls applied in the military organization are included in ISO/IEC 27001; (3) planning and selection of the applied information security controls are made by decision makers and information security specialists. It appears that the specialists impose their planning options, essentially seeking to retrieve and reuse past successful information security cases.


2016 ◽  
Vol 6 (1) ◽  
pp. 38
Author(s):  
Yuni Cintia Yuze ◽  
Yudi Priyadi ◽  
Candiwan .

Because of the importance of information and the risk of its disruption, universities need to design and implement information security. One standard that can be used to analyze the level of information security in an organization is ISO/IEC 27001:2013, which specifies requirements for establishing, implementing, maintaining and continually improving an information security management system. The objective of this research is to measure the level of information security against ISO/IEC 27001:2013 and to model systems for information security management. The research uses a descriptive qualitative approach, with data collection and validation by triangulation (interview, observation and documentation). Data were analyzed using gap analysis, and the maturity level was measured with the SSE-CMM (Systems Security Engineering Capability Maturity Model). The results: the Information Security Policy clause reaches level 1 (Performed Informally); the Asset Management, Access Control, Physical and Environmental Security, and Operations Security clauses each reach level 3 (Well Defined); and the Communications Security clause reaches level 2 (Planned and Tracked). The maturity assessment revealed weaknesses in asset management, particularly in implementing the policy. Therefore, the system modeling, using flow maps and context diagrams / data flow diagrams (CD/DFD), focuses on the Asset Management System.


Author(s):  
Andeka Rocky Tanaamah ◽  
Friska Juliana Indira

IT security management is essential for organizations to notice occurring risks and opportunities, because these profoundly affect the ongoing business processes within the organization. The Satya Wacana Academic Information System, more often called SIASAT, is an IT component that plays an essential role in running core business processes at Satya Wacana Christian University under the control of the Information Systems and Technology Bureau. At this time, the implementation of SIASAT has been going well, but some obstacles remain. Lack of human resources is one of the findings, and it becomes one of the most significant risks because it affects the use of infrastructure and information security. This research was conducted using the international standard ISO/IEC 27001:2013, prioritizing information security by taking the Planning clause and focusing on risk assessment. The study produced nine recommendations, the most important of which are: creating separate standard operating procedure documents for SIASAT, which were previously still affiliated with the Academic Administration Bureau; distributing job descriptions; and providing clear and documented access rights for everyone. It is expected that this research can reduce the occurring risks and can be considered when establishing improvements to enhance academic services in the future.


Author(s):  
Margareth Stoll

The importance of data privacy, information availability, and integrity is increasingly recognized. Sharpened legal requirements and increasing data leakages have further promoted data privacy. In order to implement the different requirements in an effective, efficient, and sustainable way, the authors integrate different governance frameworks into their holistic information security and data privacy model. More than 1.5 million organizations worldwide are implementing a standards-based management system. To promote the integration of different standards, the International Organization for Standardization (ISO) released a common high-level structure for management system standards, and ISO/IEC 27001 for information security management was revised accordingly in October 2013. The holistic model fulfills all requirements of the new version. Its implementation in several organizations and the study's results are described. In that way, data privacy and security become part of all strategic, tactical, and operational business processes, promoting corporate governance and living security as well as the fulfillment of all standard requirements.


Author(s):  
Gunter Mussbacher ◽  
Daniel Amyot ◽  
Michael Weiss

Patterns need to be described and formalized in ways that enable the reader to determine whether the particular solution presented is useful and applicable to his or her problem in a given context. However, many pattern descriptions focus on the solution to a problem and not so much on how the various (and often conflicting) forces involved are balanced. This chapter describes the User Requirements Notation (URN) and demonstrates how it can be used to formalize patterns in a way that enables rigorous trade-off analysis while maintaining the genericity of the solution description. URN combines a graphical goal language (the Goal-oriented Requirement Language, GRL), which can be used to capture forces and reason about trade-offs, and a graphical scenario language (Use Case Maps, UCM), which can be used to describe behavioral solutions in an abstract manner. Although each language can be used in isolation in pattern descriptions (and each has been, in the literature), the focus of this chapter is on their combined use. It includes examples of formalizing design patterns with URN together with a process for trade-off analysis.
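The trade-off analysis this chapter describes, like the goal-model traceability assessments in Medve's framework above, rests on GRL's quantitative evaluation of a goal graph. The following is an added example written for this page; it is not code from the chapter, from jUCMNav, or from Medve's model repositories. It implements a simplified form of GRL's quantitative propagation rules (AND decomposition takes the minimum of its children, OR the maximum, each contribution link adds source value times weight divided by 100, and results are clamped to [-100, 100]) and evaluates two alternative ways of protecting a session token against the softgoals they affect. The goal graph, element names, contribution weights and evaluation strategies are constructed for illustration and are assumptions, not taken from the chapter.

```python
"""GRL-style quantitative goal evaluation for trade-off analysis (added example)."""
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Element:
    """An intentional element (goal, softgoal or task) of the goal graph."""
    name: str
    decomposition: Optional[str] = None                # "AND", "OR" or None
    children: list = field(default_factory=list)       # decomposition children (names)
    contributions: list = field(default_factory=list)  # (source name, weight in -100..100)


class GoalModel:
    def __init__(self):
        self.elements = {}

    def add(self, name, decomposition=None, children=(), contributions=()):
        self.elements[name] = Element(name, decomposition, list(children), list(contributions))
        return self

    def evaluate(self, strategy):
        """Propagate an evaluation strategy (initial values of leaf tasks) bottom-up.

        Simplified GRL quantitative rules: AND = min of children, OR = max of children,
        then contributions add source*weight/100, and the result is clamped to [-100, 100].
        Elements given no value and no incoming links evaluate to 0 (unknown).
        Returns the satisfaction value of every element in the model.
        """
        values = dict(strategy)
        in_progress = set()

        def value(name):
            if name in values:
                return values[name]
            if name in in_progress:
                raise ValueError(f"cycle through {name!r}")
            in_progress.add(name)
            el = self.elements[name]
            v = 0
            if el.decomposition == "AND":
                v = min(value(c) for c in el.children)
            elif el.decomposition == "OR":
                v = max(value(c) for c in el.children)
            if el.contributions:
                v += round(sum(value(src) * w for src, w in el.contributions) / 100)
            v = max(-100, min(100, v))
            in_progress.discard(name)
            values[name] = v
            return v

        for name in self.elements:
            value(name)
        return values


def session_token_model():
    """Constructed goal graph: two alternative tasks for protecting a session token."""
    return (GoalModel()
            .add("TLS everywhere").add("Sign token only").add("Short token expiry")
            .add("Token protected in transit", "OR", ["TLS everywhere", "Sign token only"])
            .add("Secure session handling", "AND",
                 ["Token protected in transit", "Short token expiry"])
            .add("Confidentiality", contributions=[("TLS everywhere", 100),
                                                    ("Sign token only", -50),
                                                    ("Short token expiry", 25)])
            .add("Low latency", contributions=[("TLS everywhere", -25), ("Sign token only", 50)])
            .add("Low operational cost", contributions=[("TLS everywhere", -50),
                                                        ("Sign token only", 25)])
            .add("Acceptable solution", contributions=[("Confidentiality", 60),
                                                       ("Low latency", 20),
                                                       ("Low operational cost", 20)]))


# Evaluation strategies (constructed): 100 = task fully performed, 0 = not performed.
STRATEGIES = {
    "A: TLS + short expiry": {"TLS everywhere": 100, "Sign token only": 0, "Short token expiry": 100},
    "B: signed token + short expiry": {"TLS everywhere": 0, "Sign token only": 100, "Short token expiry": 100},
    "C: signed token, no expiry": {"TLS everywhere": 0, "Sign token only": 100, "Short token expiry": 0},
}


def trade_off(model, strategies):
    """Map each strategy to (functional goal value, softgoal balance)."""
    result = {}
    for label, strategy in strategies.items():
        v = model.evaluate(strategy)
        result[label] = (v["Secure session handling"], v["Acceptable solution"])
    return result


if __name__ == "__main__":
    for label, (goal, balance) in trade_off(session_token_model(), STRATEGIES).items():
        print(f"{label:32s} Secure session handling={goal:4d}  Acceptable solution={balance:4d}")
```

Strategies A and B both satisfy the functional goal, so the choice between them is decided by the softgoal balance (45 versus 0), which is the kind of trade-off the chapter's process makes explicit rather than leaving implicit in a pattern's solution text; strategy C shows how one unsatisfied AND child pulls the functional goal down regardless of the softgoals. GRL's full algorithm has further link types (dependencies, for example) that this simplified evaluator omits.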


2020 ◽  
pp. 133-153
Author(s):  
Eric Grandry ◽  
Christophe Feltus ◽  
Eric Dubois

Enterprise architecture management provides the mechanism for governing the enterprise transformations required by changes in the environment. In this article, the authors focus on changes that result from the analysis of information system risks and of their impacts on the services delivered by the enterprise. They present how the concepts of an information system risk management domain can be integrated into the ArchiMate enterprise architecture modelling language. The conceptual integration proceeds in two design cycles: first information security risks are considered, then the authors generalize to information system risks. They further illustrate the application of the proposed approach and demonstrate the benefits of the integrated model through a case study, first in the domain of information security and then in the domain of information privacy. The generalized risk-oriented EA model leads to a risk integration framework for the service-oriented enterprise.
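The risk-to-service impact analysis the article describes can be made concrete by walking the dependency relations of an enterprise model. The following is an added example, not code from the article or from any ArchiMate tool: it places a few information system security risk management concepts (IS asset, vulnerability, threat, business asset) on a small, constructed ArchiMate-style layered model and propagates each vulnerability along assignment, realization and serving relations to find the business services whose delivery it threatens, producing a simple risk register. The element names, the relation set and the 1..5 likelihood and impact scales are illustrative assumptions, not the article's case study.

```python
"""Risk propagation over an ArchiMate-style enterprise model (added example)."""
from collections import deque

# Constructed model: (source, relation, target). Direction follows ArchiMate usage:
# a node is assigned to (hosts) an application component, a component realizes an
# application service, a service serves the layer above it, and a business process
# realizes a business service.
RELATIONS = [
    ("Web Node", "assignment", "Portal App"),
    ("DB Node", "assignment", "Customer DB"),
    ("Customer DB", "serving", "Portal App"),
    ("Customer DB", "serving", "Reporting App"),
    ("Portal App", "realization", "Online Ordering Service"),
    ("Online Ordering Service", "serving", "Order Handling"),
    ("Order Handling", "realization", "Customer Order Service"),
    ("Reporting App", "realization", "Sales Reporting Service"),
    ("Sales Reporting Service", "serving", "Management Reporting"),
    ("Management Reporting", "realization", "Management Report Service"),
]

# Business services are the business assets; value = impact weight on a 1..5 scale (assumed).
BUSINESS_SERVICES = {"Customer Order Service": 5, "Management Report Service": 2}

# Vulnerabilities on IS assets (constructed): (id, asset, threat, likelihood 1..5).
VULNERABILITIES = [
    ("V1", "DB Node", "unpatched OS exploited", 3),
    ("V2", "Web Node", "exposed admin interface", 4),
]


def build_graph(relations):
    """Adjacency map following every relation from its source to its target."""
    graph = {}
    for src, _rel, dst in relations:
        graph.setdefault(src, set()).add(dst)
    return graph


def impacted_services(graph, asset, services):
    """Business services reachable from the asset along dependency relations (BFS)."""
    seen, queue, hits = {asset}, deque([asset]), set()
    while queue:
        node = queue.popleft()
        if node in services:
            hits.add(node)
        for nxt in graph.get(node, ()):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return hits


def risk_register(relations, services, vulns):
    """One entry per vulnerability: services at risk and risk = likelihood * highest impact."""
    graph = build_graph(relations)
    register = []
    for vid, asset, threat, likelihood in vulns:
        hits = impacted_services(graph, asset, services)
        impact = max((services[s] for s in hits), default=0)
        register.append({"id": vid, "asset": asset, "threat": threat,
                         "services": sorted(hits), "risk": likelihood * impact})
    return sorted(register, key=lambda entry: entry["risk"], reverse=True)


if __name__ == "__main__":
    for entry in risk_register(RELATIONS, BUSINESS_SERVICES, VULNERABILITIES):
        print(f'{entry["id"]} {entry["asset"]:9s} risk={entry["risk"]:2d} '
              f'threat={entry["threat"]!r} services={entry["services"]}')
```

The point of keeping the risk concepts attached to the model rather than in a separate spreadsheet is visible in the output: the database node exposes two business services through a shared application component, something a per-asset risk list would not show, and a change to the architecture (adding or removing a relation) changes the register without re-surveying the risks.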

