INTEGRATED INFORMATION SECURITY RISK MANAGEMENT â•fi MERGING BUSINESS AND PROCESS FOCUSED APPROACHES
نویسندگان
چکیده
Previous papers mostly dealt with specific views of information security management (either technical, organizational for instance). Recently, major progress has been achieved in the development of a business driven approach with BORIS (Business Oriented management of Information Security) and a process-oriented approach called ORBIT (Operational Risks in Business and IT). An integrated framework is being described in this paper that bases on the beneficial and complementary merge of both approaches. It supports management of an enterprise’s information security functions with a strong economic focus whereby it specifically links business and information security objectives. The methodology to be presented has proven to be reliable, user friendly, consistent and precise under real conditions over several years in enterprises with world wide presence.
منابع مشابه
Towards Next Generation Business Process Model Repositories â•fi A Technical Perspective on Loading and Processing of Process Models
Business process management repositories manage large collections of process models ranging in the thousands. Additionally, they provide management functions like e.g. mining, querying, merging and variants management for process models. However, most current business process management repositories are built on top of relation database management systems (RDBMS) although this leads to performa...
متن کاملDuplicate Work Reduction in Business Continuity and Risk Management Processes
Business continuity management (BCM) and risk management (RM) processes are very important to current organizations. The former ensures that organizations can limit losses after severe contingencies or disasters. The latter helps organizations identify potential security incidents and adopt the most cost-effective countermeasures. However, current risk management approaches or methodologies do ...
متن کاملManaging of Information Systems Risks in Extended Enterprises: The Case of Outsourcing
IT security issues and outsourcing of business processes are common but largely disjoint themes in the literature; common consideration is rare even though information security risk becomes a shared risk both through IS-based processes at outsourcing partners and potentially tightly-integrated IS systems. This paper explores this lack of an integrated model combining IT risk management view wit...
متن کاملFrom the Resource to the Business Process Risk Level
Although a variety of information security risk management (ISRM) approaches have been proposed, well-founded methods that provide an answer to the following question are still missing: How can the risk level of a business process be determined by taking the risk levels of the involved resources into account? This paper presents our research results regarding resource-based risk analysis method...
متن کاملThe role of Real option in e-business Risk management: The case of E-treasury project
Implementing information technology projects requires a calculated process to prevent failure. At the same time application of information technology in organizations faces various potential risks. Exploring information technology environment in organizations reveals the potential risks and provides a structure for comprehensive risk management. There are various methods available for risk mana...
متن کامل