An Information Security Model for Implementing the New ISO 27001

Author(s):  
Margareth Stoll

The importance of data privacy, information availability, and integrity is increasingly recognized. Sharpened legal requirements and increasing data leakages have further promoted data privacy. In order to implement the different requirements in an effective, efficient, and sustainable way, the authors integrate different governance frameworks to their holistic information security and data privacy model. More than 1.5 million organizations worldwide are implementing a standard-based management system. In order to promote the integration of different standards, the International Standard Organization (ISO) released a common structure. ISO/IEC 27001 for information security management was changed accordingly in October 2013. The holistic model fulfills all requirements of the new version. Its implementation in several organizations and the study's results are described. In that way data privacy and security are part of all strategic, tactical, and operational business processes, promote corporate governance and living security, as well as the fulfillment of all standard requirements.


Author(s):  
Margareth Stoll ◽  
Ruth Breu

The importance of information and Information Systems for modern organizations as a key differentiator is increasingly recognized. Sharpened legal and regulatory requirements have further promoted seeing information security governance as part of corporate governance. More than 1.37 million organizations worldwide are implementing a standards-based management system, such as ISO9001 or others. To implement information security governance and compliance in an effective, efficient, and sustainable way, the authors integrate these standard-based management systems with different information security governance frameworks and the requirements of the international ISO/IEC 27001 information security management standard to a holistic information security governance model. In that way information security is part of all strategic, tactical, and operational business processes, and promotes corporate governance and living information security. The implementation of this innovative holistic model in several organizations and the case studies' results are described.


Author(s):  
Andeka Rocky Tanaamah ◽  
Friska Juliana Indira

IT security management is essential for organizations to notice the occurring risks and opportunities because they will profoundly affect the ongoing business processes within the organization. The Satya Wacana Academic Information System, more often called SIASAT, is an IT component playing an essential role in running core business processes at Satya Wacana Christian University under the control of the Information Systems and Technology Bureau. At this time, the implementation of SIASAT has been going well, but there are still some obstacles. Lack of human resources is one of the findings, and it becomes one of the most significant risks as it affects the use of infrastructure and information security. This research was conducted using the international standard ISO/IEC 27001:2013, prioritizing information security by taking a planning clause focusing on risk assessment. From the results of this study, there were nine recommendations given. Some of these were the most important, i.e., creating separated standard operating procedure documents for SIASAT, which previously were still affiliated with the Academic Administration Bureau; distributing job descriptions; and providing clear and documented access rights for everyone. It is expected that this research can reduce the occurring risks and can be considered for establishing improvements to enhance academic services in the future.


Author(s):  
Olga A. Diakonova ◽  
Nina F. Kornoushenko

Technical Committee 46 «Information and Documentation» of the International Standard Organization (ISO/TC 46) is published. Even a short description of ISO/TC 46 activities visually demonstrates what incredible and truly revolutionary changes happened during the last 60 years in the library, documentation and information work. The modern ISO/TC 46 structure is given, and the work trends of its four subcommittees and numerous working groups and the interaction with other ISO technical committees and international organizations are characterized. The importance of standardization problems in the field of library and information science, and of librarianship in particular, is confirmed by the authors’ practical work lasting for many years. The proposed information permits a better picture of the preparation process of the international standards and of the necessity of Russian specialists’ participation.


2021 ◽  
Vol 22 (1) ◽  
pp. 53-68
Author(s):  
Guenter Knieps

5G attains the role of a GPT for an open set of downstream IoT applications in various network industries and within the app economy more generally. Traditionally, sector coupling has been a rather narrow concept focusing on the horizontal synergies of urban system integration in terms of transport, energy, and waste systems, or else the creation of new intermodal markets. The transition toward 5G has fundamentally changed the framing of sector coupling in network industries by underscoring the relevance of differentiating between horizontal and vertical sector coupling. Due to the fixed mobile convergence and the large open set of complementary use cases, 5G has taken on the characteristics of a generalized purpose technology (GPT) in its role as the enabler of a large variety of smart network applications. Due to this vertical relationship, characterized by pervasiveness and innovational complementarities between upstream 5G networks and downstream application sectors, vertical sector coupling between the provider of an upstream GPT and different downstream application industries has acquired particular relevance. In contrast to horizontal sector coupling among different application sectors, the driver of vertical sector coupling is that each of the heterogeneous application sectors requires a critical input from the upstream 5G network provider and combines this with its own downstream technology. Of particular relevance for vertical sector coupling are the innovational complementarities between upstream GPT and downstream application sectors. The focus on vertical sector coupling also has important policy implications. 
Although the evolution of 5G networks strongly depends on the entrepreneurial, market-driven activities of broadband network operators and application service providers, the future of 5G as a GPT is heavily contingent on the role of frequency management authorities and European regulatory policy with regard to data privacy and security regulations.


Symmetry ◽  
2021 ◽  
Vol 13 (5) ◽  
pp. 910
Author(s):  
Tong-Yuen Chai ◽  
Bok-Min Goi ◽  
Wun-She Yap

Biometric template protection (BTP) schemes are implemented to increase public confidence in biometric systems regarding data privacy and security in recent years. The introduction of BTP has naturally incurred loss of information for security, which leads to performance degradation at the matching stage. Although efforts are shown in the extended work of some iris BTP schemes to improve their recognition performance, there is still a lack of a generalized solution for this problem. In this paper, a trainable approach that requires no further modification on the protected iris biometric templates has been proposed. This approach consists of two strategies to generate a confidence matrix to reduce the performance degradation of iris BTP schemes. The proposed binary confidence matrix showed better performance in noisy iris data, whereas the probability confidence matrix showed better performance in iris databases with better image quality. In addition, our proposed scheme has also taken into consideration the potential effects in recognition performance, which are caused by the database-associated noise masks and the variation in biometric data types produced by different iris BTP schemes. The proposed scheme has reported remarkable improvement in our experiments with various publicly available iris research databases being tested.


2021 ◽  
pp. 192536212110224
Author(s):  
Melissa C. Mercado ◽  
Deborah M. Stone ◽  
Caroline W. Kokubun ◽  
Aimée-Rika T. Trudeau ◽  
Elizabeth Gaylor ◽  
...  

Introduction: It is widely accepted that suicides—which account for more than 47 500 deaths per year in the United States—are undercounted by 10% to 30%, partially due to incomplete death scene investigations (DSI) and varying burden-of-proof standards across jurisdictions. This may result in the misclassification of overdose-related suicides as accidents or undetermined intent. Methods: Virtual and in-person meetings were held with suicidologists and DSI experts from five states (Spring-Summer 2017) to explore how features of a hypothetical electronic DSI tool may help address these challenges. Results: Participants envisioned a mobile DSI application for cell phones, tablets, or laptop computers. Features for systematic information collection, scene description, and guiding key informant interviews were perceived as useful for less-experienced investigators. Discussion: Wide adoption may be challenging due to differences in DSI standards, practices, costs, data privacy and security, and system integration needs. However, technological tools that support consistent and complete DSIs could strengthen the information needed to accurately identify overdose suicides.


2020 ◽  
Vol 2020 ◽  
pp. 1-16
Author(s):  
Ijaz Ahmad Awan ◽  
Muhammad Shiraz ◽  
Muhammad Usman Hashmi ◽  
Qaisar Shaheen ◽  
Rizwan Akhtar ◽  
...  

The tremendous growth of computational clouds has attracted and enabled intensive computation on resource-constrained client devices. Predominantly, smart mobiles are enabled to deploy data and computational intensive applications by leveraging on the demand service model of remote data centres. However, outsourcing personal and confidential data to the remote data servers is challenging for the reason of new issues involved in data privacy and security. Therefore, the traditional advanced encryption standard (AES) algorithm needs to be enhanced in order to cope with the emerging security threats in the cloud environment. This research presents a framework with key features including enhanced security and owner’s data privacy. It modifies the 128 AES algorithm to increase the speed of the encryption process, 1000 blocks per second, by the double round key feature. However, traditionally, there is a single round key with 800 blocks per second. The proposed algorithm involves less power consumption, better load balancing, and enhanced trust and resource management on the network. The proposed framework includes deployment of AES with 16, 32, 64, and 128 plain text bytes. Simulation results are visualized in a way that depicts suitability of the algorithm while achieving particular quality attributes. Results show that the proposed framework minimizes energy consumption by 14.43%, network usage by 11.53%, and delay by 15.67%. Hence, the proposed framework enhances security, minimizes resource utilization, and reduces delay while deploying services of computational clouds.

