Towards the Ontology of ISO/IEC 27005: 2011 Risk Management Standard
Author
Abstract
The purpose of this paper is to present a solution for managing the concepts related to the ISO/IEC 27005:2011 standard in such a way that different stakeholders can access and understand them without misinterpreting their meanings. This paper presents an ontology that structures and organizes the core concepts of the risk assessment phase of ISO/IEC 27005:2011. The ontology was developed by following a seven-step guideline. A case scenario of a health clinic is developed to apply the proposed ontology, and each entity and relation of the ontology is described in that scenario. The paper provides a reference point for professionals and researchers by presenting an ontology that describes the various concepts of ISO/IEC 27005:2011 in the field of information security risk management.
Similar sources
Mapping between Classical Risk Management and Game Theoretical Approaches
In a typical classical risk assessment approach, the probabilities are usually guessed and not much guidance is provided on how to get the probabilities right. When coming up with probabilities, people are generally not well calibrated. History may not always be a very good teacher. Hence, in this paper, we explain how game theory can be integrated into classical risk management. Game theory pu...
A Study on Implementations of Information Security Risk Assessment: Application to Chlorine Processing System of Water Treatment
The international standard for information security risk management (ISO/IEC 27005:2011(E)) adopts an iterative approach and a risk assessment methodology based on the analysis of information security incident scenarios, applying the 80/20 principle to the calculation, and therefore should be able to save cost and increase its effectiveness. On such a basis, we propose a rigorous and systematic approach to add...
Genetic Algorithm Approach for Risk Reduction of Information Security
Nowadays, information systems constitute a crucial part of organizations; by losing security, these organizations will lose plenty of competitive advantages as well. The core of information security (InfoSecu) is risk management. There are a great deal of research works and standards in information security risk management (ISRM), including NIST SP 800-30 and ISO/IEC 27005. However, only few works of rese...
CSRA Model - A Cloud Service Risk Assessment Model
International Journal of Web Applications, Volume 7, Number 2, June 2015. ABSTRACT: Cloud computing is considered a paradigm in both technology and business. Its widespread adoption is an increasingly strong trend. However, the lack of quality metrics and audit of services offered in the cloud slows its use, and this stimulates an increase in focused discussions on the adaptation of existing standard...
Toward an Effective Information Security Risk Management of Universities' Information Systems Using Multi Agent Systems, ITIL, ISO 27002, ISO 27005
Universities in the public and private sectors depend on information technology and information systems to successfully carry out their missions and business functions. Information systems are subject to serious threats that can have adverse effects on organizational operations and assets, and individuals by exploiting both known and unknown vulnerabilities to compromise the confidentiality, in...