Towards Process Centered Information Security Management - A Common View for Federated Business Processes and Personal Data Usage Processes
نویسندگان
چکیده
While comparing the progress of our two research projects of developing an information security management system (ISMS) for federated business process landscapes and the enhancement of security of social networks, we discovered a fundamental view congruency concerning the way information security can be handled. This paper deals with a conceptual framework which uses the ISO 27001 and the German BSI IT-Grundschutz Framework as a base for determining a methodology for a process based point of view towards information security management for both federated business processes within business applications and personal data usage processes within social networks. The proposed layers are (1) process layer, (2) application layer, (3) network layer, (4) IT systems layer and (5) infrastructure layer.
منابع مشابه
Assessment of BAM with ANP Approach; Case Study: Bank Sepah
In today's business environment in which coordination and adaptation with constant changes are the only ways of survival, real-time monitoring of activities and making the decisions accordingly are necessary. Since performance measurement cannot be managed independent of business processes, Business Activity Monitoring (BAM) systems should monitor performance metrics based on business processes...
متن کاملAssessment of BAM with ANP Approach; Case Study: Bank Sepah
In today's business environment in which coordination and adaptation with constant changes are the only ways of survival, real-time monitoring of activities and making the decisions accordingly are necessary. Since performance measurement cannot be managed independent of business processes, Business Activity Monitoring (BAM) systems should monitor performance metrics based on business processes...
متن کاملManaging of Information Systems Risks in Extended Enterprises: The Case of Outsourcing
IT security issues and outsourcing of business processes are common but largely disjoint themes in the literature; common consideration is rare even though information security risk becomes a shared risk both through IS-based processes at outsourcing partners and potentially tightly-integrated IS systems. This paper explores this lack of an integrated model combining IT risk management view wit...
متن کاملTechnical Note: Performance measurement in industrial organizations, case study: Zarbal Complex
Industrial organizations are complex systems` where the interactions among the various functions such as Sales, Distribution, Manufacturing, Materials, Finance, Human Resources and Maintenance have to be man-aged towards a common purpose of delivering the customers satisfaction. However, since most of these or-ganizations have a `Functional Structure`, each function or department works towards ...
متن کاملPROVIDING NATIVE SUPPORT FOR FEDERATED IDENTITY MANAGEMENT IN A BUSINESS-PROCESS-MANAGEMENT SYSTEM Identity Business Processes
To facilitate information-system security, e. g., access control or audit, the entities involved play a key role. This makes identity management an important task. The success of service-oriented architectures (SOA) has lead to the development of federated identity management (FIM), to deal with the dynamic nature of SOA and to achieve economies of scale. Business processes in SOA are a composi...
متن کامل