Supporting the context establishment according to ISO 27005 using patterns
نویسندگان
چکیده
The documentation of an information and communication system according to the requirements of the ISO 27005 standard is difficult, because the standard only provides sparse descriptions. We propose the use of specific patterns for the ISO 27005 standard, which can be instantiated for any given information and communication system. Each of our pattern will cover a section of the standard. In this paper we present one pattern for Section 7 of the standard, the context establishment. This is one of the initial steps of the standards and it is the input for following steps, e.g., the asset identification.
منابع مشابه
Towards the Ontology of ISO/IEC 27005: 2011 Risk Management Standard
The purpose of this paper is to present a solution to manage the concepts related to ISO/IEC 27005:2011 standard in such a way that different stakeholders could access and understand them without misleading their meanings. This paper presents an ontology to structure and organize core concepts of risk assessment phase of ISO/IEC 27005:2011 standard. The method of ontology development ontology f...
متن کاملRisk Management for ISO 27005 Decision support
The security of information systems focuses on raising the level of business security while aligning with its strategy and objectives. The family of ISO 2700x, whose theme is: Information technology Security techniques, allows taking into account all of these security problems, by offering a pack of uniform and standards that respect the continuous improvement cycle PDCA. Being closely linked t...
متن کاملToward an Effective Information Security Risk Management of Universities’ Information Systems Using Multi Agent Systems, Itil, Iso 27002,Iso 27005
Universities in the public and private sectors depend on information technology and information systems to successfully carry out their missions and business functions. Information systems are subject to serious threats that can have adverse effects on organizational operations and assets, and individuals by exploiting both known and unknown vulnerabilities to compromise the confidentiality, in...
متن کاملMapping between Classical Risk Management and Game Theoretical Approaches
In a typical classical risk assessment approach, the probabilities are usually guessed and not much guidance is provided on how to get the probabilities right. When coming up with probabilities, people are generally not well calibrated. History may not always be a very good teacher. Hence, in this paper, we explain how game theory can be integrated into classical risk management. Game theory pu...
متن کاملIdentifying and Ranking Technology-Telecommunications Context of Information Security anagement System in E-Government Using Fuzzy AHP Approach
In recent years, many security threats have entered into the organizations’ information and changed the organizational performance resulting in their exorbitant costs. This question is of particular importanceabout government agencies that use information and Internet systems. This issue enabled the top managers of organizations to implement a security system and minimize these costs. Using In...
متن کامل