PENGENALAN ISO 17799/BS7799: Sistem Manajemen Keamanan Informasi (Introduction to ISO 17799/BS7799: Information Security Management System)

TeIKa ◽  
2008 ◽  
Vol 1 (1) ◽  
pp. 54-62
Author(s):  
Arief Hamdani Gunawan ◽  
Albinur Limbong

Abstract (translated from Indonesian): Information security management is fundamental to being able to provide information security. One important element of carrying out information security management is the use of an existing international standard, namely ISO 17799/BS7799. This paper describes, in turn, the definition of ISO 17799/BS7799, its background, its usage, its advantages, and finally the complements to ISO 17799.

Abstract: Management of Information Security is a fundamental matter to be able to provide information security. One important thing to be able to do information security management is to use an available international standard, which is ISO 17799/BS7799. This paper describes, starting from the definition of ISO 17799/BS7799, the background, usage, and advantages, through to the complement of ISO 17799.

2010 ◽  
Vol 1 (4) ◽  
pp. 1-17 ◽  
Author(s):  
Frédéric Girard ◽  
Bertrand Meunier ◽  
Duan Hua ◽  
Eric Dubois

In Luxembourg, like in many other countries, information security has become a central issue for private companies and public organizations. Today, information is the main asset of a company for its business and, at the same time, regulations are imposing more and more rules regarding its management. As a consequence, in Luxembourg, a clear need has emerged regarding the development of a new learning trajectory fulfilling the requirements of the new job profile associated with a Chief Security Officer. This need was relayed by the national professional security association, which asked for the development of a new education program targeting professional people engaged in a lifelong learning trajectory. The paper reports on the rigorous and scientific participatory approach for producing an adequate learning program meeting the requirements elicited from the professional association members. The authors present the skills card that has been elaborated for capturing these requirements and the program, which has been built together with the University of Luxembourg to match these requirements. This program proposes a holistic approach to information security management by including organizational, human and technical security risks within the context of regulations and norms.


2014 ◽  
Vol 2014 ◽  
pp. 1-13 ◽  
Author(s):  
Sanghyun Park ◽  
Kyungho Lee

Organizations make use of important information in day-to-day business. Protecting sensitive information is imperative and must be managed. Companies in many parts of the world protect sensitive information using the international standard known as the information security management system (ISMS). ISO 27000 series is the international standard ISMS used to protect confidentiality, integrity, and availability of sensitive information. While an ISMS based on ISO 27000 series has no particular flaws for general information systems, it is unfit to manage sensitive information for industrial control systems (ICSs) because the first priority of industrial control is safety of the system. Therefore, a new information security management system based on confidentiality, integrity, and availability as well as safety is required for ICSs. This new ISMS must be mutually exclusive of an ICS. This paper provides a new paradigm of ISMS for ICSs, which will be shown to be more suitable than the existing ISMS.


Author(s):  
Carrison K.S. Tong ◽  
Eric T.T. Wong

The protection of information for a healthcare organization, in any form, while in storage, processing, or transport, from being available to any organization or person that is neither authorized by its owner to have it nor involved in patient care, is the objective of information security management in healthcare. There are many standards on information security management. The international standard for information security management is ISO 27000. The objective of this chapter is to provide an introduction to ISO 27000 and its application in PACS.


2020 ◽  
Vol 4 (8) ◽  
pp. 192-201
Author(s):  
Vasyl Tsurkan

The process of functional analysis of information security management systems was considered. The relevance of representing them as many interrelated functions with internal and external interfaces is shown. Taking this into account, the methods of functional analysis of information security management systems are analyzed. Among them, the graphic notation IDEF0 is highlighted. This choice is based on its ability to display both the interfaces of functions and the conditions and resources of their execution. The use of the graphic notation IDEF0 has mainly been oriented towards the presentation of the international standards of the ISO/IEC 27k series, the display of the main stages of the information security management system life cycle, and the development of individual elements of information security management systems, in particular risk management. These limitations have been overcome by the proposed method of functional analysis of information security management systems. This was preceded by the definition of the theoretical foundations of this method. Its use makes it possible to allocate their functions both at the level of the system and at the levels of its structural elements (subsystems, complexes, components). To do this, the purpose and viewpoint are defined and information security management is established as the main activity. It is represented by a set of hierarchically related functions arranged in a family tree. Each function of this tree defines incoming and outgoing data, management, and mechanisms. This makes it possible to establish their consistency with the organizational structure at the “activity-system”, “process-subsystem”, “operation-module (complex)” and “action-block (component)” levels. In future studies, it is planned to define a hierarchy of functions and develop a logical structure of information security management systems based on the proposed method of functional analysis.

