
Information Security Risk Management in a World of Services

Vincent Lalanne, Manuel Munier, Alban Gabillon
2013 2013 International Conference on Social Computing  
Context establishment Conduct of ISO/IEC 27005 Standard We do not deal with the study of securing the web services themselves we rather propose to study the impact of using a SOA on the information system  ...  It is precisely this goal that led to the creation of the ISO/IEC 27005 standard. ISO/IEC 27005 aims to establish a trust mark for the overall information security within enterprises.  ... 
doi:10.1109/socialcom.2013.88 dblp:conf/socialcom/LalanneMG13 fatcat:p6s2nmpunzcnxe23h6dedeyyhi

A Review of Security Requirements Engineering Methods with Respect to Risk Analysis and Model-Driven Engineering [chapter]

Denisse Muñante, Vanea Chiprianov, Laurent Gallon, Philippe Aniorté
2014 Lecture Notes in Computer Science  
To deal with such issues, model-driven engineering (MDE) uses formal models and automatic model transformations. Therefore, we also review which SRE methods are compatible with MDE approaches.  ...  Moreover, the transition from these early security requirements to security policies at later stages in the lifecycle is generally non-automatic, informal and incomplete.  ...  Although stakeholders are interested parties in performing a risk analysis in ISO 27005 (i.e. they establish the context composed of risk analysis objectives, risk estimation criteria, ..), the conceptual  ... 
doi:10.1007/978-3-319-10975-6_6 fatcat:hwxybyaa35a6dfzd4tdi33edza

Context Analysis of Cloud Computing Systems Using a Pattern-Based Approach

Ludger Goeke, Nazila Gol Mohammadi, Maritta Heisel
2018 Future Internet  
Additionally, our proposed pattern supports the documentation of the scope and boundaries of a cloud computing service conforming to the requirements of the ISO 27005 standard (information security risk  ...  Besides the context analysis, our pattern supports the identification of high-level assets.  ...  Acknowledgments: We gratefully acknowledge constructive discussions with partners in the RestAssured project. We are also grateful to the reviewers and the editors of the paper for their comments.  ... 
doi:10.3390/fi10080072 fatcat:2zcw2fpvqfentny27xbhwfpn6q

Guiding the selection of security patterns based on security requirements and pattern classification

Anas Motii, Brahim Hamid, Agnès Lanusse, Jean-Michel Bruel
2015 Proceedings of the 20th European Conference on Pattern Languages of Programs - EuroPLoP '15  
In this context, this paper aims at guiding the selection of security patterns in security PBSE based on security risk management results and pattern classification.  ...  In this context, security patterns are selected by developers based on security requirements.  ...  This work is conducted in the context of a Ph.D. thesis funded by CEA LIST and co-led by CEA (LISE) and IRIT (MACAO). In addition, we would like to thank our shepherd Dr. Eduardo B.  ... 
doi:10.1145/2855321.2855332 dblp:conf/europlop/MotiiHLB15 fatcat:uezbkcpukvd5rph3oaq2bjyijm

Risk Management Practices in Information Security: Exploring the Status Quo in the DACH Region

Michael Brunner, Clemens Sauerwein, Michael Felderer, Ruth Breu
2020 Computers & security  
We analyzed general practices, documentation artifacts, patterns of stakeholder collaboration as well as tool types and data sources used by enterprises to conduct information security management activities  ...  This paper investigates the current state of risk management practices being used in information security management in the DACH region (Germany, Austria, Switzerland).  ...  Acknowledgments This work has been partially sponsored and supported by the Austrian Ministry for Transport, Innovation and Technology by Projects "SALSA" (Project-No. 855383), "Q-WEST" , "Digital Tourism  ... 
doi:10.1016/j.cose.2020.101776 fatcat:bld6ftaravghjhd7blhsfpvbau

ISMS-CORAS: A Structured Method for Establishing an ISO 27001 Compliant Information Security Management System [chapter]

Kristian Beckers, Maritta Heisel, Bjørnar Solhaug, Ketil Stølen
2014 Lecture Notes in Computer Science  
In previous work we showed how existing security requirements engineering methods can be used to support the ISO 27001 information security standard.  ...  In this chapter we present ISMS-CORAS, which is an extension of the CORAS method for risk management that supports the ISO 27001 standard.  ...  The research presented in this chapter was partially funded by the European Commission FP7 via the NESSoS (256980) network of excellence and the RASEN (316853) project.  ... 
doi:10.1007/978-3-319-07452-8_13 fatcat:mkoytylpdbhjvcsyauour7jdky

An Adaptable Maturity Strategy for Information Security [article]

Gliner Dias Alencar, Hermano Perrelli de Moura, Ivaldir Honório de Farias Júnior, José Gilson de Almeida Teixeira Filho
2018 arXiv   pre-print
As a result, it was possible to classify the ISO/IEC 27001 and 27002 controls in four stages according to the importance given by the companies.  ...  For this, a survey was used as the main methodological instrument, reaching 157 distinct companies.  ...  Having as principles: establish Information Security throughout the organization; adopt a risk-based approach, recommending the joint use of ISO/IEC 27005; establish and align the investments; ensure the  ... 
arXiv:1807.06184v1 fatcat:y6kvw6vbwrarxf3l3f2deg47em

A Method for Re-using Existing ITIL Processes for Creating an ISO 27001 ISMS Process Applied to a High Availability Video Conferencing Cloud Scenario [chapter]

Kristian Beckers, Stefan Hofbauer, Gerald Quirchmayr, Christopher C. Wills
2013 Lecture Notes in Computer Science  
For small and medium-sized businesses, it is difficult to prepare and maintain the ISO 27001 certification.  ...  Many companies have already adopted their business processes to be in accordance with defined and organized standards.  ...  We created the pattern for cloud-specific context establishment and asset identification compliant to the ISO 27000 series of standards.  ... 
doi:10.1007/978-3-642-40511-2_16 fatcat:6tbz4yyc3jbd5abaw5z2jpejti

A pattern-based method for establishing a cloud-specific information security management system

Kristian Beckers, Isabelle Côté, Stephan Faßbender, Maritta Heisel, Stefan Hofbauer
2013 Requirements Engineering  
Assembling an Information Security Management System (ISMS) according to the ISO 27001 standard is difficult, because the standard provides only very sparse support for system development and documentation  ...  These can ease the effort of establishing an ISMS and can produce the necessary documentation for an ISO 27001 compliant ISMS. We illustrate our approach using the example of an online bank.  ...  [44] provide advice for an ISO 27001 realization. In addition, Klipper [16] focuses on risk management according to ISO 27005.  ... 
doi:10.1007/s00766-013-0174-7 fatcat:v2ayri4rnzg6zktupgnx2dxuqe

Overview of Enterprise Information Needs in Information Security Risk Assessment

Matus Korman, Teodor Sommestad, Jonas Hallberg, Johan Bengtsson, Mathias Ekstedt
2014 2014 IEEE 18th International Enterprise Distributed Object Computing Conference  
To explore these differences, this study compares twelve established methods on how their input suggestions map to the concepts of ArchiMate, a widely used modeling language for enterprise architecture  ...  Hereby, the study also tests the extent, to which ArchiMate accommodates the information suggested by the methods (e.g., for the use of ArchiMate models as a source of information for risk assessment).  ...  ACKNOWLEDGMENT This study has been financed by the Swedish Armed Forces and SweGrids, the Swedish Centre for Smart Grids and Energy Storage (; thereunder Fortum and the Swedish Energy Agency  ... 
doi:10.1109/edoc.2014.16 dblp:conf/edoc/KormanSHBE14 fatcat:qkqdx75rnvebzfrx276x5n7wwq

Cyber Security Risk Assessment

Valentin Briceag, Moldova State University, Tudor Bragaru, Moldova State University
2021 Economica  
This paper aims to elucidate modern trends in the assessment and treatment of cyber security risks of an entity, automate the cyber security processes to remove repetitive tasks and reduce the influence  ...  The COVID-19 pandemic has accelerated the digitization of business processes, remote work/ access to sensitive data and critical corporate resources.  ...  According to the Webroot 2019 Inc. report.  ... 
doi:10.53486/econ.2021.115.123 fatcat:724rqkhdt5hx7lmgh73euorbfy

Privacy Issues of Unmanned Autonomous System

Jinkeun Jinkeun
2016 Indian Journal of Science and Technology  
Additionally, various countermeasures are required to address the privacy issue in the unmanned autonomous environment.  ...  Recently, research and application of the unmanned autonomous environment with privacy has become active. Also, the importance of privacy issues in unmanned auto equipment should be reconsidered.  ...  Acknowledgment This paper is supported by the Department of Industry-Academia Cooperation of Baekseok University.  ... 
doi:10.17485/ijst/2016/v9i24/96025 fatcat:ymynqcer4bc4dlc4xc2pqtdmxq

A Maturity Model for Assessing IS Risk Management Activity Considering the Dependencies Between Its Elements

Mina Elmaallam, Hicham Bensaid, Abdelaziz Kriouile
2019 Computer and Information Science  
The present article shows first this lack in the section related to the comparative analysis of the existing models. Then, it proposes a maturity model to address this issue.  ...  The proposed model aims to assess the information system risk management activity while considering the dependencies between its elements.  ...  The domains of the MMGRSeg model are the six activities of the ISO / 27005 risk management processes: (1) context definition, (2) risk analysis / evaluation, (3) risk treatment, (4) risk acceptance, (5  ... 
doi:10.5539/cis.v12n1p98 fatcat:n54p45no6rgpvm76ggebu7h4su

Standard Compliant Hazard and Threat Analysis for the Automotive Domain

Kristian Beckers, Jürgen Dürrwang, Dominik Holling
2016 Information  
We show how ISO 26262 documentation can be re-used and enhanced to satisfy the analysis and documentation demands of the ISO 27001 standard.  ...  The automotive industry has successfully collaborated to release the ISO 26262 standard for developing safe software for cars.  ...  The work has been supported by ITK Engineering AG as part of two innovation projects. Author Contributions: All authors contributed equally. All authors have read and approved the final manuscript.  ... 
doi:10.3390/info7030036 fatcat:x4l3y5lpcjddbhkpmvxoyw3c4u

Smart Cities and the Challenges of Cross Domain Risk Management: Considering Interdependencies Between ICT-Security and Natural Hazards Disruptions

Busbach-Richard Uwe, Brian J. Gerber
2019 Economics and Culture  
Both domains use a multilayer approach in risk reduction, both have reasonably well-defined regimes and established risk management protocols.  ...  Likewise, ICT infrastructure is vulnerable to natural disasters too – and the risk of more severe natural disasters in the context of a global trend toward massive cities is increasing dramatically.  ...  ISO/IEC 27005 emphasizes the process perspective but does not recommend or even name any specific risk management method (ISO/IEC 2018).  ... 
doi:10.2478/jec-2019-0026 fatcat:idqeclahv5ejdhtdxf6mlear7i