Organisations develop their computer security procedures based on external guidelines such as ISO 17799 with very little provision to incorporate organisational knowledge in their security procedures. While these external guidelines make recommendations as to how an organisation should develop and implement best practices in computer security they often fail to provide a mechanism that links th...

This study aims to provide an overview the Communication and Information Department Mojokerto regarding maturity level of physical environmental security management at agency, as well future recommendations. The results research related safety using ISO 27002 standard, indicate that is still relatively low. Things are lacking include lack protection from external threats such natural disasters,...

The study applied Decision Making Trial and Evaluation Laboratory (DEMATEL) to analyze the casual relationship and mutual impact level between the control items of the information security management system. Three core control items of the information security management system are found, Security Policy (SC1), Access Control (SC7) and Human Resources Security (SC4) respectively. They can be pr...

Los incidentes de seguridad en una organización se consideran la fuente principal para evaluar correcta aplicación los controles organizaciones públicas o privadas. La investigación está basada el comportamiento ante participación tecnologías información conjuntamente con procesos formales las organizaciones. Se utilizaron buenas prácticas basadas normas internacionales ISO/IEC 27001 e 27002. a...

Purpose – As part of their continuing efforts to establish effective information security management (ISM) practices, information security researchers and practitioners have proposed and developed many different information security standards and guidelines. Building on these previous efforts, the purpose of this study is to put forth a framework for ISM. Design/methodology/approach – This fram...

The inventory process, i.e. the assessment of assets and implemented countermeasures, consumes a significant amount of time in the risk and compliance management process. Assets and countermeasures have to be identified and classified in terms of confidentiality, integrity and availability requirements. Depending on the organization’s size this process may include thousands of assets and counte...

It is crucial for corporations operating in a multinational economy to have a seamless understanding of the security process. For information assurance, ISO 15408:1999 (i.e. Common Criteria) and ISO 17799:2000 are the key standards, both of which are needed for implementing a global approach to security. They provide a definition of the necessary elements of the process as well as the basis for...

Risks related to information communication and technologies (ICTs) still occur in organizations. In spite of development of ICT risk management methodologies that have been published in numerous frameworks and/or standards to help organizations deal with ICT risks, it has still been questioned about whether or not its methodology has manifested success. This research identifies the current prof...

بخش اورژانس یکی از شلوغ‌ترین بخش‌های یک بیمارستان است و بهبود عملکرد این تأثیر بسیاری در کیفیت ارائه خدمات دارد. اخیراً پژوهشگران به­‌دلیل تمرکز مهندسی تاب‌آوری مدیریت ناب بر کارایی سیستم‌ها توجه بسیار زیادی به دو دیدگاه کنار یکدیگر داشته‌اند. هدف پژوهش، رویکردی یکپارچه برای ارزیابی مبتنی شاخص‌های با ارتقای رضایت شغلی کاهش هزینه‌های درمانی واحد خصوصی است. منظور، ابتدا شناسایی مؤثر، مدل مفهومی مس...