With the rapid development of information technology, security has been gaining attention. The International Organization for Standardization (ISO) issued international standards and technical reports related to security, which are gradually being adopted by enterprises. This study analyzes relationship between certification (ISO 27001) corporate financial performance using data from Chinese pu...

With the increasing significance of information technology, there is an urgent need for adequate measures of information security. Systematic information security management is one of most important initiatives for IT management. At least since reports about privacy and security breaches, fraudulent accounting practices, and attacks on IT systems appeared in public, organizations have recognize...

The ISO/IEC 27799 standard for information security management in health was released in 2008. The standard contains a substantial section (Section 6) covering information security management systems in the healthcare context. This raises the question whether the ISO/IEC 27799 purports a difference between the generic standard for information security management systems (as embodied in the ISO/...

Information security risks threaten the ability of organizations of reaching their operational and strategic goals. Increasing diversification of the information security landscapes makes addressing all risks a challenging task. Information security standards have positioned themselves as generic solutions to tackle a broad range of risks and try to guide security managers in their endeavors. H...

Based on ISO 27001 for Information Security Management Systems, this paper introduces a newly developed security analysis approach, suitable for technical security analyses in general. This approach is used for a security analysis of several components and processes of the Health Care Telematics in Germany. Besides the results of the analysis, basics for further analysis and verification activi...

It is imperative for organizations to use Information Security Management System (ISMS) to effectively manage their information assets. ISMS starts with a set of policies that dictate the usage of computer resources. It starts with the “21 essential security controls” of ISO 27001, which give the basic standard requirements of information security management. Our research is concerned with the ...

Assembling an Information Security Management System (ISMS) according to the ISO 27001 standard is difficult, because the standard provides only very sparse support for system development and documentation. Assembling an ISMS consists of several difficult tasks, e.g., asset identification, threat and risk analysis and security reasoning. Moreover, the standard demands consideration of laws and ...

This paper describes the development of situational awareness models and applications to assess cybersecurity risks based on Annex ISO 27001:2013. The risk assessment method used is direct testing method, namely audit, exercise penetration testing. this study classified into three levels, high, medium low. A high-risk value an unacceptable value. Meanwhile, low values can be categorized as acce...

Pustik telah mengintegrasikan ISO 9001:2015, ISO/IEC 20000-1:2018 dan 27001: 2013 ke dalam Integrated Management System (IMS). Sejak tahun menerapkan Risk (RMS) diperkuat dengan Kebijakan Internal Lembaga tentang Manajemen Risiko yang terintegrasi 27001:2013. Adapun pengintegrasian RMS 9001:2015 belum ada pedoman khusus mengatur hal tersebut. Kondisi ini dapat menyebabkan isu menjadi perhatian ...