ISMS Building for SMEs through the Reuse of Knowledge

2012 ◽  
pp. 90-116
Author(s):  
Luís Enrique Sánchez ◽  
Antonio Santos-Olmo ◽  
Eduardo Fernandez-Medina ◽  
Mario Piattini
Keyword(s):  
Information System ◽  
Information Systems ◽  
Security Management ◽  
System Security ◽  
Point Of View ◽  
Medium Size ◽  
Information Security Management ◽  
Business Size ◽  
Security Information ◽  
Considerable Experience

The information society is increasingly more dependent upon Information Security Management Systems (ISMSs), and the availability of these systems has become crucial to the evolution of Small and Medium-size Enterprises (SMEs). However, this type of companies requires ISMSs which have been adapted to their specific characteristics, and these systems must be optimized from the point of view of the resources necessary to deploy and maintain them. Over the last 10 years, the authors have obtained considerable experience in the establishment of ISMSs, and during this time, they have observed that the structure and characteristics of SMEs as regards security management are frequently very similar (since they can all be grouped by business size and sector), thus signifying that it is possible to construct patterns for ISMSs that can be reused and refined. In this chapter, the authors present the strategy that they have designed to manage and reuse security information in information system security management. This strategy is framed within a methodology designed for integral security management and its information systems maturity, denominated as “Methodology for Security Management and Maturity in Small and Medium-size Enterprises (MSM2-SME),” and it is defined in a reusable model called “Reusable Pattern for Security Management (RPSM),” which systematically defines, manages, and reuses the aforementioned methodology through a sub-process denominated as “Generation of Security Management Patterns (GSMP).” This model is currently being applied in real cases, and is thus constantly improving.

ISMS Building for SMEs through the Reuse of Knowledge

2013 ◽  
pp. 394-419
Author(s):  
Luís Enrique Sánchez ◽  
Antonio Santos-Olmo ◽  
Eduardo Fernandez-Medina ◽  
Mario Piattini
Keyword(s):  
Information System ◽  
Information Systems ◽  
Security Management ◽  
System Security ◽  
Point Of View ◽  
Medium Size ◽  
Information Security Management ◽  
Business Size ◽  
Security Information ◽  
Considerable Experience

The information society is increasingly more dependent upon Information Security Management Systems (ISMSs), and the availability of these systems has become crucial to the evolution of Small and Medium-size Enterprises (SMEs). However, this type of companies requires ISMSs which have been adapted to their specific characteristics, and these systems must be optimized from the point of view of the resources necessary to deploy and maintain them. Over the last 10 years, the authors have obtained considerable experience in the establishment of ISMSs, and during this time, they have observed that the structure and characteristics of SMEs as regards security management are frequently very similar (since they can all be grouped by business size and sector), thus signifying that it is possible to construct patterns for ISMSs that can be reused and refined. In this chapter, the authors present the strategy that they have designed to manage and reuse security information in information system security management. This strategy is framed within a methodology designed for integral security management and its information systems maturity, denominated as “Methodology for Security Management and Maturity in Small and Medium-size Enterprises (MSM2-SME),” and it is defined in a reusable model called “Reusable Pattern for Security Management (RPSM),” which systematically defines, manages, and reuses the aforementioned methodology through a sub-process denominated as “Generation of Security Management Patterns (GSMP).” This model is currently being applied in real cases, and is thus constantly improving.

Information System Life Cycles and Security

2011 ◽  
pp. 274-284
Author(s):  
Albin Zuccato
Keyword(s):  
Information System ◽  
Life Cycle ◽  
Security Management ◽  
System Security ◽  
Life Cycle Stage ◽  
Life Cycles ◽  
Information Security Management ◽  
Legal Provision ◽  
Process Framework ◽  
System Life

Organizations are required by legal provision to include information system security into their day- today management activities. To do this effectively and efficiently, it is necessary that information security management integrates into the overall system life cycle. Here I will present a system life cycle and suggest which aspects of security should be covered at which life cycle stage of the system. Based on this, I will present a process framework that due to its iterativity and detailedness accommodates the needs for life cycle oriented security management.

scholarly journals Maturity Framework Analysis ISO 27001: 2013 on Indonesian Higher Education

2020 ◽  
Vol 9 (2) ◽  
pp. 429
Author(s):  
IGN Mantra ◽  
Aedah Abd. Rahman ◽  
Hoga Saragih
Keyword(s):  
Higher Education ◽  
Information System ◽  
Information Security ◽  
Security Management ◽  
System Security ◽  
Maturity Level ◽  
Information Security Management ◽  
Security Practices ◽  
Level 3 ◽  
Iso 27001

Information Security Management System (ISMS) implementation in Institution is an effort to minimize information security risks and threats such as information leakage, application damage, data loss and declining IT network performance. The several incidents related to information security have occurred in the implementation of the Academic System application in Indonesian higher education. This research was conducted to determine the maturity level of information security practices in Academic Information Systems at universities in Indonesia. The number of universities used as research samples were 35 institutions. Compliance with the application of ISO 27001:2013 standard is used as a reference to determine the maturity level of information system security practices. Meanwhile, to measure and calculate the level of maturity using the SSE-CMM model. In this research, the Information System Security Index obtained from the analysis results can be used as a tool to measure the maturity of information security that has been applied. There are six key areas examined in this study, namely the role and importance of ICT, information security governance, information security risk management, information security management framework, information asset management, and information security technology. The results showed the level of information security maturity at 35 universities was at level 2 Managed Process and level 3 Established Process. The composition is that 40% of universities are at level 3, and 60% are out of level 3. The value of the gap between the value of the current maturity level and the expected level of maturity is varied for each clause (domain). The smallest gap (1 level) is in clause A5: Information Security Policy, clause A9: Access Control, and clause A11: Physical and environmental security. The biggest gap (4 levels) is in clause A14: System acquisition, development and maintenance and clause A18: compliance.   

scholarly journals Challenges Facing Information Systems Security Management in Higher Learning Institutions: A Case Study of the Catholic University of Eastern Africa - Kenya

2014 ◽  
Vol 3 (1) ◽  
pp. 336-349
Author(s):  
Bichanga Walter Okibo ◽  
Obara Brigit Ochiche
Keyword(s):  
Information System ◽  
Information Systems ◽  
Security Management ◽  
System Security ◽  
Higher Learning ◽  
Eastern Africa ◽  
Information Systems Security ◽  
Information System Security ◽  
Systems Security ◽  
Learning Institutions

With the popularity of internet applications, many organizations are facing unprecedented security challenges. Security techniques and management tools have caught a lot of attention from both academia and practitioners. However, there is lacking a theoretical framework for the challenges facing information security management in higher learning institutions. Thus this research looked into the challenges facing information systems security management in higher learning institutions. The study was guided by understanding the major challenges facing Information Systems Security Management and establishing the extent of the use of Information Systems Security Management in higher learning institutions. The study used descriptive survey design. It targeted information systems projects managers, administrators or top management and other users (staff) of the systems in key departments. Systematic sampling strategy was used. Descriptive statistics of SPSS were used to analyze the data. Factor analysis technique was used to identify the major challenges that affect management of an institution’s information system security. Pearson’s Chi-Square was used to test the relationships that exist between the categorical variables. The study found out that system vulnerability, computer crime and abuse, environmental security and financial backing/security are key challenges institutions of higher learning are experiencing in the management of their information systems. The study recommends the implementation of new policies and procedures to guide information system security. Programs for monitoring and evaluating information systems security in relation to performance indicators should be put in place. Institutions should invest heavily in developing their staff through training programmes such as seminars, workshops and conferences to further develop staff skills and abilities on information systems security issues.

scholarly journals Integralus informacijos saugumo valdymo modelis

2012 ◽  
Vol 61 ◽  
pp. 07-30
Author(s):  
Saulius Jastiuginas
Keyword(s):  
Information Systems ◽  
Information Security ◽  
Information Management ◽  
Theoretical Basis ◽  
Security Management ◽  
Scientific Basis ◽  
Integral Model ◽  
Management Tools ◽  
Information Security Management ◽  
Security Information

Saugumo sąvoka yra daugialypė ir nevienareikšmiškai apibrėžiama, saugumas gali būti suprantamas kaip būsena, kuri gali reikšti ir apsisaugojimą nuo pavojaus (objektyvus saugumas), ir saugumo jausmą (subjektyvus saugumas). Siekiant sumažinti neapibrėžtumą, aptariant saugumo sąvoką būtina įvardyti objektą, t. y. kas turi būti (tapti) saugu. Analizuojant informacijos saugumo mokslinių tyrimų problematiką, galima daryti prielaidą, kad pagrindinis objektas, kurį siekiama apsaugoti, yra informacija, tačiau neretai saugumo objektu virsta informacinės technologijos ar informacinės sistemos, kuriomis tvarkoma informacija. Darant esminę mokslinę prielaidą, kad svarbiausias informacijos saugumo objektas yra informacija, tikėtina, kad informacijos saugumas turėtų būti tiriamas kaip sudėtinė informacijos vadybos ir kitų gretutinių informacinių koncepcijų (informacijos išteklių vadybos, informacijos sistemų vadybos, informacijos įrašų vadybos) dalis. Straipsnyje aptariamas tyrimas, įrodantis keliamos mokslinės prielaidos pagrįstumą.Pagrindiniai žodžiai: informacijos saugumas, informacijos saugumo valdymas, informacijos vadyba, informacijos saugumo valdymo modelis.Integral Information Security Management ModelSaulius JastiuginasSummaryAnalysis of the currently most widely applied means of information security management (methodologies, standards, models) allows finding a growing assimilation of media content, but the frequent information security problems (for example, information security incident growth), show that the existing measures do not provide sufficient information security management.The analysis of information security research problems shows that the main object is to protect the information, but it often becomes the subject of security information technology or information systems that support information processing.A substantial scientific assumption is that the primary object of information security is information, it is likely that information security should be studied as an integral part of information management and the other related concepts (information resourcemanagement, information systems management, information, records management).The analysis of the information management has shown that the security component of informa30tion management is not developed. Scientific insight, emphasizing information as a critical resource organization, poor information management, focus on the resource security becomes a relevant scientific problem and do not provide scientific information security management problems that are apparent on the practical level.The aim of the study was to create a scientific basis for the integral management of information security model that integrates information security management and information management components.The paper deals with the basic information management tools and practices of information security management possibilities. The results of the analysis helped to reduce the gap in research and to develop a theoretical basis for the integral form of information security management model.The proposed theoretical model and the integrated security information management component extend the possibilities of secure information management.The aim of the article was to create a scientific basis for the integral model of information security management that integrates information security management and information management components.The paper analyzes the main information management tools and opportunities to use them for information security management. The results of the analysis helped to reduce the gap in scientific research and to develop a theoretical basis for the integral information security management model.

Sign in / Sign up

Export Citation Format

Share Document