Suggestion of applicability of ISO for the improvement of data security in companies

Suggestion of applicability of ISO to improve the security of company information. Elaborated through a bibliographic research to understand the concepts applied in the present work, adopting a quantitative research through a questionnaire. Research directed to professionals and university students of information technology, and to a random audience. A documentary research was also carried out to collect data in informal institutions. The following technical standards were adopted: NBR-ISO-27001, NBR-ISO-27002, NBR-ISO-27008, NBR-ISO-27036, with distinct characteristics and with the intention of being useful in suggesting the applicability of ISO in company procedures. It was possible to evaluate the reliability of the companies in relation to the security of their employee data. With the suggestion of applying the ISO to companies, it is possible to obtain a greater security, as well as a greater availability, with more efficient data exchange. The information security policy is established through rules, standards, and procedures, which must be used internally and externally, providing more reliability. Company employees will begin to carry out processes more efficiently within the organizations. Therefore, the suggestion of using the ISO for information security in companies becomes significantly important because it is one more contribution so that they can have rules to protect both their data and those of their employees.

2015 ◽ Vol 3 (3) ◽ pp. 387
Author(s): Penji Prasetya ◽ Adian Fatchur Rochim ◽ Ike Pertiwi Windasari

In today's modern era, information technology is needed to support the business processes of the organization. In using information technology, an organization must have good policies and standard operating procedures so that any work is carried out in the appropriate direction of the organization. Not only that, the organization must also pay attention to the information security of any assets it owns. This final project aims to make policies and standard operating procedures (SOP) and to assess the information security risk to the assets of the organization. This thesis refers to the ISO 27001 standard as the standard for information security management and uses a qualitative methodology, where qualitative methodology is a methodology that produces descriptive data in the form of written or spoken words of people and behaviors that can be observed. This final project resulted in the level of risk contained in the value of assets and generated recommendations to improve the security controls in the information security of assets based on the clauses of ISO 27001. In accordance with its initial objective, this final project also produced an information security policy document and an information security standard operating procedures document.


2021 ◽ Vol 102 (2) ◽ pp. 40-49
Author(s): Elena Zinovieva ◽ Valeriya Bulva

Today, ensuring data security is becoming one of the priority areas of EU policy. In February 2020, the EU adopted the Data Strategy aiming at strengthening its leadership in a digital society. Although the strategy sets primarily economic goals, the problem of ensuring digital sovereignty occupies an important place. The purpose of this study is to examine the EU information security policy, starting from the concept of "Westphalian sovereignty" proposed by S. Krasner. This concept found coverage in the works of M.M. Lebedeva. S. Krasner defines "Westphalian sovereignty" as the completeness of state power within the borders and the absence of other subjects of power. Analysis of the EU strategy in the field of information security and big data allows us to conclude that the EU emphasizes the need to limit the "Westphalian sovereignty" within the framework of an integration structure, and not individual member states. This contributes to understanding of the trends of evolution of state sovereignty in the context of globalization and the modern data revolution.


2016 ◽ Vol 8 (2) ◽ pp. 50-59
Author(s): Milorad Milinković ◽ Miroslav Minović ◽ Miloš Milovanović

Nowadays, the development and the application of biometric systems on one hand, and the large number of hardware and software manufacturers on the other, have caused the two most common problems of biometric systems: a problem of interoperability between a system's components as well as between different biometric systems, and a problem of biometric data security and privacy protection, both in storage and exchange. Specifications and standards, such as BioAPI and CBEFF, registered and published as multiple standards by ISO (International Organization for Standardization), propose the establishment of a single platform (BioAPI) to facilitate the functioning of the biometric systems regardless of hardware or software manufacturers, and a unique format for data exchange (CBEFF) to secure biometric data. In this paper, these standards are analyzed in detail and considered as possible solutions to the aforementioned problems.


Author(s): Yassine Maleh ◽ Mustapha Belaissaoui

This chapter aims to study the success factors of the ISO 27001 framework related to the implementation of information security in organizations, with particular emphasis on the different maturity controls of ISO 27001 in the implementation of information security policies in organizations. The purpose of this paper is to investigate what controls are commonly used and how they are selected for the implementation of information security in large public organizations in the Middle East and North Africa (MENA) through ISO 27001, with a specific focus on a practical framework for the implementation of an effective information security policy through ISO 27001. The finding will help organizations to assess organizations to implement an effective information security policy.


2018 ◽ Vol 42 (6) ◽ pp. 277-287
Author(s): Roland Kammergruber ◽ Jürgen Durner

Abstract: Since the 1970s, computer supported data processing has been implemented in the laboratory and laboratory information systems (LIS) are being developed. In the following years, the programs were expanded and new laboratory requirements were inserted to the LIS. In the last few years, the requirements have grown more and more. The current tasks of the LIS are not only the management of laboratory requirements but also management of processes, data security and data transfer and they have become very important. Therefore, the current monolithic architecture of LIS has reached its limits. New methodologies like service oriented architecture, e.g. microservices, should be implemented. Thereby different specialized manufacturers provide software for one or a few tasks. These tasks can be more easily actualized like in the new field of agile software development. This new concept has been designed to provide updates and customer requirements according to its new organization structure in program development in a short time. For efficient data transfer, new interfaces and a standardization of master data like logical observation identifier names and codes (LOINC®) are advisable. With the growing data transfer, data security plays an increasingly important role. New concepts like blockchain programming (e.g. Medrec) are currently tested in (laboratory) medicine. To get an overview of the requirements of the own LIS, an Ishikawa diagram should be created. The main points of an Ishikawa diagram are shown and discussed. Based on the today-collected data, expert systems will be developed. For this kind of data mining, a structured data exchange is necessary.


2021 ◽ Vol 28 (1) ◽ pp. e100241
Author(s): Job Nyangena ◽ Rohini Rajgopal ◽ Elizabeth Adhiambo Ombech ◽ Enock Oloo ◽ Humphrey Luchetu ◽ ...

Background: The use of digital technology in healthcare promises to improve quality of care and reduce costs over time. This promise will be difficult to attain without interoperability: facilitating seamless health information exchange between the deployed digital health information systems (HIS). Objective: To determine the maturity readiness of the interoperability capacity of Kenya’s HIS. Methods: We used the HIS Interoperability Maturity Toolkit, developed by MEASURE Evaluation and the Health Data Collaborative’s Digital Health and Interoperability Working Group. The assessment was undertaken by eHealth stakeholder representatives primarily from the Ministry of Health’s Digital Health Technical Working Group. The toolkit focused on three major domains: leadership and governance, human resources and technology. Results: Most domains are at the lowest two levels of maturity: nascent or emerging. At the nascent level, HIS activities happen by chance or represent isolated, ad hoc efforts. An emerging maturity level characterises a system with defined HIS processes and structures. However, such processes are not systematically documented and lack ongoing monitoring mechanisms. Conclusion: None of the domains had a maturity level greater than level 2 (emerging). The subdomains of governance structures for HIS, defined national enterprise architecture for HIS, defined technical standards for data exchange, nationwide communication network infrastructure, and capacity for operations and maintenance of hardware attained higher maturity levels. These findings are similar to those from interoperability maturity assessments done in Ghana and Uganda.

