Secure software development processes can reduce the quantity of security errors and the vulnerabilities involved in software projects. A secure development process is composed by activities that propose the insertion of security requirements in all software development phases. These activities can be based on standards and/or security models such as SSE-CMM, ISO/IEC 27001, ISO/IEC 15408. The p...

As computer becomes popular and internet advances rapidly, information application systems are used extensively in organizations. Various information application systems such as attendance systems, accounting systems, and statistical systems have already replaced manual operations. In such a drastic change, the information security issue encountered by organizations becomes increasingly signifi...

Organizations concerned about digital or computer forensics capability which establishes procedures and records to support a prosecution for crimes could benefit from implementing an ISO 27001: 2013-compliant (ISMS Information Security Management System). A certified ISMS adds credibility information gathered in investigation; certification shows that the organization has outsider verifies corr...

Resumo. Em geral, a ótica cliente/fornecedor seguida pelas organizações, no que concerne à gestão da segurança da informação, assenta sobretudo na gestão de controles com base em normas tais como a ISO/IEC 27001:2015, resultando na produção de relatórios especialmente de análise técnica, em detrimento de uma abordagem sociotécnica. Isto conduz à perceção por parte do cliente da entrega de um pr...

It has become a current requirement in every company regarding the implementation of governance ICT field an effort to improve service quality. For this reason, it is necessary implement and at same time carry out ISMS periodic audit process companies using ISO 27001: 2013 standard. Based on research results found Annex 7 lowest level compared other Annexes, because work instruction documentati...

Mit der massiven Verbreitung der Informationstechnologie in den Unternehmen und in privaten Haushalten Mitte der 90-er Jahre, begann alsbald die Diskussion um deren Absicherung mittels IT/Inf.-Sicherheitskonzepten. Inzwischen haben sich im Bereich der Unternehmensabsicherung (Enterprise Security) weltweit Management Systeme, gemäß dem Deming Zyklus – gegenüber den anfänglich verwendeten Policie...

Abstr act The purpose of this study is to explore the integrated use of Control Objectives for Information Technology (COBIT) and Balanced Scorecard (BSC) frameworks for strategic information security management (ISM). The goal is to investigate the strengths, weaknesses, implementation techniques, and potential benefits of such an integrated framework. This integration is achieved by “bridging...