Sector-Based Improvement of the Information Security Risk Management Process in the Context of Telecommunications Regulation
نویسندگان
چکیده
The current European regulation on public communications networks requires today that Telecommunications Service Providers (TSPs) take appropriate technical and organizational measures to manage the risks posed to security of networks and services. However, a key issue in this process is the risk identification activity, which roughly consists in defining what are the relevant risks regarding the business operated and the architecture in place. The same problem appears when selecting relevant security controls. The research question discussed in this paper is: how to adapt generic Information Security Risk Management (ISRM) process and practices to the telecommunications sector? To answer this research question, a four-step research method has been established and is presented in this paper. The outcome is an improved ISRM process in the context of the telecommunications regulation.
منابع مشابه
Identifying and Ranking Technology-Telecommunications Context of Information Security anagement System in E-Government Using Fuzzy AHP Approach
In recent years, many security threats have entered into the organizations’ information and changed the organizational performance resulting in their exorbitant costs. This question is of particular importanceabout government agencies that use information and Internet systems. This issue enabled the top managers of organizations to implement a security system and minimize these costs. Using In...
متن کاملIntra Sector Policy Interventions for Improvement of Iranian Health Financing System
Background and purpose: To determine an appropriate financial model for the health system of Iran, several studies have been conducted. But it seems that these studies were not comprehensive and further investigation is required. So to design a valid and enforceable mechanism, the study of policy interventions will be considered through consensus of all stakeholders. This investigation was done...
متن کاملService Quality Management Modeling, Controlling and Upgrading as well as Communications and Information Technology Enhancement through Conducting a Case Study in the Parent Telecommunications Network of Iran
This paper reviews the service quality management control and upgrade as well as the communications and information technology enhancement. The purpose of this research is the control and improvement of the service quality management as well as the enhancement of the parent telecommunications network of I.R.Iran that finally, taking the specific conditions into consideration, the quality manage...
متن کاملInvestigating Effectiveness of In-Service Training in the Public Sector
This study that is aimed at investigating the effectiveness of "in-service training" courses in public sector organizations, as a result of the findings of a process modification training course in public organizations of Kermanshah province where 68 employees of 32 organizations of public sector (including governmental and non-governmental) scientifically studied 27 processes as a sample, duri...
متن کاملبهبود رتبه بندی مخاطرات امنیت اطلاعات با استفاده از مدل های تصمیم گیری چند شاخصه
One of the most important capabilities of information security management systems, which must be implemented in all organizations according to their requirements, is information security risk management. The application of information security risk management is so important that it can be named as the heart of information security management systems. Information security risk rating is conside...
متن کامل