Security level analysis of academic information systems based on standard ISO 27002: 2003 using SSE-CMM
نویسندگان
چکیده
this research was conducted to find out the level of information security in organization to give recommendations improvements in information security management at the organization. This research uses the ISO 27002 by involving the entire clause that exists in ISO 27002 check-lists. Based on the analysis results, 13 objective controls and 43 security controls were scattered in 3 clauses of ISO 27002. From the analysis it was concluded that the maturity level of information system security governance was 2.51, which means the level of security is still at level 2 planned and tracked is planned and tracked actively) but is approaching level 3 well defined.
منابع مشابه
Integration of COBIT, Balanced Scorecard and SSE- CMM as a strategic Information Secur ity Management (ISM) framework
Abstr act The purpose of this study is to explore the integrated use of Control Objectives for Information Technology (COBIT) and Balanced Scorecard (BSC) frameworks for strategic information security management (ISM). The goal is to investigate the strengths, weaknesses, implementation techniques, and potential benefits of such an integrated framework. This integration is achieved by “bridging...
متن کاملامنیت اطلاعات سامانه های تحت وب نهاد کتابخانه های عمومی کشور
Purpose: This paper aims to evaluate the security of web-based information systems of Iran Public Libraries Foundation (IPLF). Methodology: Survey method was used as a method for implementation. The tool for data collection was a questionnaire, based on the standard ISO/IEC 27002, that has the eleven indicators and 79 sub-criteria, which examines security of web-based information systems of IP...
متن کاملTrust-Based Security Level Evaluation Using Bayesian Belief Networks
Security is not merely about technical solutions and patching vulnerabilities. Security is about trade-offs and adhering to realistic security needs, employed to support core business processes. Also, modern systems are subject to a highly competitive market, often demanding rapid development cycles, short life-time, short time-to-market, and small budgets. Security evaluation standards, such a...
متن کاملIT Security Governance: A Framework based on ISO 38500
ISO 38500 is an international standard for IT governance. The guidelines of ISO 38500 can also be applied at the IT security functional level in order to guide the governance of IT security. This paper proposes the use of a strategic information security management (ISM) framework to implement guidelines of ISO 38500. This approach provides several strategic advantages to the organization by 1)...
متن کاملUsing Security Patterns to Tailor Software Process
Secure software development processes can reduce the quantity of security errors and the vulnerabilities involved in software projects. A secure development process is composed by activities that propose the insertion of security requirements in all software development phases. These activities can be based on standards and/or security models such as SSE-CMM, ISO/IEC 27001, ISO/IEC 15408. The p...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید
ثبت ناماگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید
ورودعنوان ژورنال:
- CoRR
دوره abs/1802.03613 شماره
صفحات -
تاریخ انتشار 2018