To benefit from cloud computing and the advantages it offers, obstacles regarding the usage and acceptance of clouds have to be cleared. For cloud providers, one way to obtain customers’ confidence is to establish security mechanisms when using clouds. The ISO 27001 standard provides general concepts for establishing information security in an organization. Risk analysis is an essential part in...

Cloud computing providers‘ and customers‘ services are not only exposed to existing security risks, but, due to multi-tenancy, outsourcing the application and data, and virtualization, they are exposed to the emergent, as well. Therefore, both the cloud providers and customers must establish information security system and trustworthiness each other, as well as end users. In this paper we analy...

The automotive industry has successfully collaborated to release the ISO 26262 standard for developing safe software for cars. The standard describes in detail how to conduct hazard analysis and risk assessments to determine the necessary safety measures for each feature. However, the standard does not concern threat analysis for malicious attackers or how to select appropriate security counter...

The ISO/IEC 27799 standard for information security management in health was released in 2008. The standard contains a substantial section (Section 6) covering information security management systems in the healthcare context. This raises the question whether the ISO/IEC 27799 purports a difference between the generic standard for information security management systems (as embodied in the ISO/...

In recent times, and in order to maintain an integrated, efficient and homogeneous policy, Integrated Management Systems (IMS) have emerged as an opportunity to improve processes related to Information Technology (IT) in organizations in a way that is modular, consistent and orderly. The ISO 27001 and ISO 20000 standards provide good practices for creating and/or strengthening management infras...

While Information Security Management Systems (ISMS) are being adopted by the biggest IT companies, it remains quite difficult for smaller entities to implement and maintain all the requirements of ISO/IEC 27001. In order to increase information security in Luxembourg, the Public Research Centre Henri Tudor has been charged by the Luxembourg Ministry of Economy and Foreign Trade to find solutio...

Information security risks threaten the ability of organizations of reaching their operational and strategic goals. Increasing diversification of the information security landscapes makes addressing all risks a challenging task. Information security standards have positioned themselves as generic solutions to tackle a broad range of risks and try to guide security managers in their endeavors. H...

It is imperative for organizations to use Information Security Management System (ISMS) to effectively manage their information assets. ISMS starts with a set of policies that dictate the usage of computer resources. It starts with the “21 essential security controls” of ISO 27001, which give the basic standard requirements of information security management. Our research is concerned with the ...

With the rapid development of information technology, security has been gaining attention. The International Organization for Standardization (ISO) issued international standards and technical reports related to security, which are gradually being adopted by enterprises. This study analyzes relationship between certification (ISO 27001) corporate financial performance using data from Chinese pu...