Purpose – As part of their continuing efforts to establish effective information security management (ISM) practices, information security researchers and practitioners have proposed and developed many different information security standards and guidelines. Building on these previous efforts, the purpose of this study is to put forth a framework for ISM. Design/methodology/approach – This fram...

The inventory process, i.e. the assessment of assets and implemented countermeasures, consumes a significant amount of time in the risk and compliance management process. Assets and countermeasures have to be identified and classified in terms of confidentiality, integrity and availability requirements. Depending on the organization’s size this process may include thousands of assets and counte...

It is crucial for corporations operating in a multinational economy to have a seamless understanding of the security process. For information assurance, ISO 15408:1999 (i.e. Common Criteria) and ISO 17799:2000 are the key standards, both of which are needed for implementing a global approach to security. They provide a definition of the necessary elements of the process as well as the basis for...

Risks related to information communication and technologies (ICTs) still occur in organizations. In spite of development of ICT risk management methodologies that have been published in numerous frameworks and/or standards to help organizations deal with ICT risks, it has still been questioned about whether or not its methodology has manifested success. This research identifies the current prof...

The development of Information and Communication Technology (ICT) in the Industrial Revolution 4.0 era shows very fast disruptive developments that encourage increased use (IT) services within organizations. However, there is a risk creating vulnerabilities threats to owned information systems. Plans strategies are required implement security management address threat events. This research case...