Audit, Validation, Verification and Assessment for Safety and Security Standards

2021, pp. 22-50
Author(s): Robert Kemp, Richard Smith

Internal auditing is important for ensuring compliance with multiple safety and security standards. The problem is that although safety and security have similarities when it comes to auditing, they also have differences that make auditing both areas under the same process difficult. This paper has shown how to overcome those differences and leverage the similarities to create one auditing process for both safety and security. The paper has harmonized the different terminology between safety and security and shown how the new auditing process can allow compliance with IEC 61508, ISO 27001 and IEC 62443.

2019, Vol 5 (1), pp. 65-76
Author(s): Anton Purba, Mohammad Soetomo

ISO 27001 is one of the most widely adopted and respected information security standards in use today. It is promulgated by the International Standards Organization (ISO). Many organizations seek to be certified for the standard, which provides a framework for implementing an Information Security Management System (ISMS). The standard touches on virtually every aspect of information security. Access controls, including Privileged Access Management (PAM), thus figure prominently in the ISO 27001 certification and audit processes. In order to manage their privileged accounts, organizations should use PAM to protect critical IT assets, meet compliance regulations and prevent data breaches. Unfortunately, many organizations do not have enough knowledge when they plan to build PAM solutions, and many do not have a baseline when they acquire new PAM technology. This paper will help organizations acquire a PAM solution that meets the ISO 27001 controls. Our compliance matrix gives organizations a guideline for achieving the implementation of an ISMS framework with PAM technology.


Energies, 2021, Vol 14 (21), pp. 6862
Author(s): Milan Stojkov, Nikola Dalčeković, Branko Markoski, Branko Milosavljević, Goran Sladić

The critical infrastructure is constantly under cyber and physical threats. Applying security controls without guidance or traceability can create a false sense of security. Security standards facilitate security knowledge and control best practices in a more systematic way. However, the number of standards is continually increasing. Product providers that operate in multiple geographical regions often face the obligation to comply with multiple standards simultaneously. This introduces the problem of the convenient interpretation of different standards. Thus, a comprehensive analysis of the requirements from different security standards and guidelines applicable to the smart grid has been performed to detect similarities that can be shaped into entities of the conceptual model for requirement representation. The purpose of the model—presented in the form of a Unified Modeling Language (UML) class diagram—is to give product providers a canonical way to map requirements from arbitrary standards, guidelines, and regulations and accelerate the cross-standard compliance readiness by defining priority for requirement implementation. In addition, the research showed that multiple vectors should impact the priority of the implementation of the security controls defined through the requirements: domain affiliation, the essence of the requirement, associated threats, risks, and social dependencies between actors involved in the implementation. To examine the model correctness, NISTIR 7628—de facto smart grid standard—was used to provide insights into how the model would be used for requirements implementation tracking. The structure of individual requirements was analyzed to detect the building blocks and extract relevant parts that can be mapped to the model components. Further, all requirements were classified into one of the defined domains to provide the basis for referencing similar requirements from different standards. Finally, one arbitrary requirement was used to demonstrate model usage, and depict all available information that can be provided to the users in a custom-made scenario where the need arises to have simultaneous alignment with three standards—NISTIR 7628, NIST 800-53, and IEC 62443-3-3.


2019, Vol 27 (3), pp. 326-342
Author(s): Ioanna Topa, Maria Karyda

Purpose: This study aims to identify the implications of security behaviour determinants for security management to propose respective guidelines which can be integrated with current security management practices, including those following the widely adopted information security standards ISO 27001, 27002, 27003 and 27005.
Design/methodology/approach: Based on an exhaustive analysis of related literature, the authors identify critical factors influencing employee security behaviour and ISP compliance. The authors use these factors to perform a gap analysis of widely adopted information security standards ISO 27001, 27002, 27003 and 27005 and identify issues not covered or only partially addressed. Drawing on the implications of security behaviour determinants and the identified gaps, the authors provide guidelines which can enhance security management practices.
Findings: The authors uncover the factors shaping security behaviour barely or partly considered in the ISO information security standards ISO 27001, 27002, 27003 and 27005, including top management participation, accommodating individual characteristics, embracing the cultural context, encouraging employees to comply out of habit and considering the cost of compliance. Furthermore, the authors provide guidelines to security managers on enhancing their security management practices when implementing the above ISO Standards.
Practical implications: This study offers guidelines on how to create and design security management practices whilst implementing ISO standards (ISO 27001, ISO 27002, ISO 27003, ISO 27005) so as to enhance ISP compliance.
Originality/value: This study analyses the role and implications of security behaviour determinants, discusses discrepancies and conflicting findings in related literature, provides a gap analysis of commonly used information security standards (ISO 27001, 27002, 27003 and 27005) and proposes guidelines on enhancing security management practices towards improving ISP compliance.


2017, Vol 22 (12), pp. 62-62
Keyword(s): Know How

The Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG), the IT Security Act (IT-Sicherheitsgesetz), ISO 27001:2015, the European General Data Protection Regulation (EU-DSGVO), church data protection rules (Kirchlicher Datenschutz, KDO), the guidance on hospital information systems (Orientierungshilfe Krankenhaus-Informationssystem, OH-KIS): a brief excerpt from the current laws, rules and regulations shows how complex the topics of data protection and data security are for those responsible in German healthcare institutions. This is further supplemented by recommendations from various associations and committees.


2019, Vol 5 (3), pp. 213-223
Author(s): Muhamat Nofiyanto, Tetra Saktika Adhinugraha

Background: Patients with critical conditions in the ICU depend on a variety of tools to support their lives. Patients' conditions and their unstable hemodynamics are challenges for nurses to perform mobilization. Less mobilization in critical patients can cause a variety of physical problems, one of them being cardiorespiratory function disorder.
Objective: To investigate differences in heart rate (HR) and respiratory rate (RR) before, during, and immediately after early mobilization.
Methods: This study employed a quasi-experiment with a one-group pre- and post-test design. Twenty-four respondents were selected based on the criteria HR <110/min at rest, mean arterial blood pressure between 60 and 110 mmHg, and fraction of inspired oxygen <0.6. Early mobilization was performed on the respondents, followed by assessments of the changes in respiratory rate and heart rate before, during, and immediately after the mobilization. Analysis of differences in this study used ANOVA.
Results: Before the early mobilization, mean RR was 22.54 and mean HR was 78.58. Immediately after the mobilization, mean RR was 23.21 and mean HR was 80.75. There were no differences in the values of RR and HR before and immediately after the early mobilization, with p-values of 0.540 and 0.314, respectively.
Conclusions: Early mobilization of critical patients is relatively safe. Nurses are expected to perform early mobilization for critical patients. However, it should be performed with regard to security standards and rigorous assessment of the patient's condition.
Keywords: Early mobilization, critical patients, ICU


1994, Vol 21 (2), pp. 85-116
Author(s): David C. Burns, James W. Greenspan, Carolyn Hartwell