Risk Management in IT Service Security
نویسنده
چکیده
This article brings a novel approach for optimized risk management in IT service information security. The new method is based on widely used international standards – best practices – for IT service management (ISO/IEC 20000) and Information security management system (ISO/IEC 27000). Firstly, the IT service information security approach is developed (based on a Service level management extension). Secondly, the authors suggest a new risk management approach, in which a multidomain environment between the parties involved as well as their satisfaction is taken into consideration. Optimization in risk management is achieved through evaluation of relevancy and maturity of risk treatment controls on both sides of the contract. Finally, the results are presented on a real case study to enable risk analysts, IT service business owners and process engineers to apply the new methods in real business.
منابع مشابه
Identifying Information Security Risk Components in Military Hospitals in Iran
Background and Aim: Information systems are always at risk of information theft, information change, and interruptions in service delivery. Therefore, the present study was conducted to develop a model for identifying information security risk in military hospitals in Iran. Methods: This study was a qualitative content analysis conducted in military hospitals in Iran in 2019. The sample consist...
متن کاملOptimal Strategies of Increasing Business Alignment, in Social Security Organization, with Quality Function Deployment (QFD) Approach
Considering the importance of the concept of strategic alignment of information technology (IT) in today economic organizations, this study attempted to extract the organization's IT strategies in order to increase the degree of strategic alignment and consequently the optimal strategies in the field of marketing and service delivery for social security organization. Using QFD technique and hie...
متن کاملRisk management in the sphere of state economic security provision using professional liability insurance
This study contains a comprehensive scientific analysis of modern problems of risk management in the sphere of state economic security provision using professional liability insurance. The elements of the mechanism for providing economic security are defined, namely: subjects, objects, and instruments of influence. It is stipulated that insurance is the means to provide state economic security....
متن کاملبهبود رتبه بندی مخاطرات امنیت اطلاعات با استفاده از مدل های تصمیم گیری چند شاخصه
One of the most important capabilities of information security management systems, which must be implemented in all organizations according to their requirements, is information security risk management. The application of information security risk management is so important that it can be named as the heart of information security management systems. Information security risk rating is conside...
متن کاملLength of service and commitment of nurses in hospitals of Social Security Organization (SSO) in Tehran
Background: A nurse’s commitment is the most important factor that influences her performance and depends on other variables. The purpose of this research was to study the relationship between length of service of the nurses with the amount of occupational commitment and organizational commitment. Methods: From Winter 2012 to Spring 2013, 266 nurses were chosen in selected hospitals of Social ...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2011