Assessment for Enterprise Security Decision Making
Authors
Abstract
Assessment is an integral part of a chief information security officer’s (CISO) daily work. Continuously, the CISO must make security policy decisions, either introducing new policies or technologies in the organisation, or modifying existing policies. Assessment in this environment must inherently go beyond assessment of the policy’s security properties alone. It must include considerations about the impact of the security policy on employee productivity, the cost associated with it and the impact on business processes. Assessment therefore is less about precision than it is about comprehensiveness.
Similar resources
Assessment of Enterprise Information Security - An Architecture Theory Diagram Definition -
In order to manage and improve something, it is normally necessary to be able to assess the current state of affairs. A problem with assessment, however, is that in order to assess, it is normally necessary to be able to define the assessment topic. These general statements are also true within the area of Enterprise Information Security. Although much has been written on the topic, there is li...
Application of Three Parameter Interval Grey Numbers in Enterprise Resource Planning Selection
This paper applies a new multi-attribute decision-making (MADM) model to help companies with the enterprise resource planning (ERP) selection problem, based on the Balanced Score Card method. This paper uses three-parameter interval grey numbers, which are derived from Grey theory (proposed by J. Deng). These numbers are used instead of linguistic variables. Besides, a new weighting method that outcomes f...
New Realities of the Enterprise Management System Information Support: Economic and Mathematical Models and Cloud Technologies
The paper focuses on the urgency of the implementation of cloud technologies, which are a necessary condition for the development of enterprise management systems, give rise to a complex of insufficiently studied phenomena and processes and determine the need to find new tools in making and implementing reasonable management decisions. In the process of research, the sequence of construction an...
Attack tree based information security risk assessment method integrating enterprise objectives with vulnerabilities
In order to perform the analysis and mitigation efforts related to information security risks, there exist quantitative and qualitative approaches, but the most critical shortcoming of these methods is the fact that the outcome mainly addresses the needs and priorities of the technical community rather than the management. For the enterprise management, this information is essentially req...
A Fuzzy Decision Making Approach to Enterprise Resource Planning System Selection
Here, we propose a fuzzy analytic hierarchy process (FAHP) method to evaluate the alternatives of enterprise resource planning (ERP) system. The fuzzy AHP approach allows the users to get values more accurately to model the vagueness which changes according to subjective ideas in the decision-making environment for the ERP system selection problem. Therefore, the fuzzy AHP method is used to obtain firm decis...