Information Security Management Systems (ISMS) aim at ensuring proper protection of information values and information processing systems (i.e. assets). Information Security Risk Management (ISRM) techniques are incorporated to deal with threats and vulnerabilities that impose risks to information security properties of these assets. Considering the evolution of information systems as well as m...

Defining security requirements is the important first step in designing, implementing and evaluating a secure system. In this paper, we propose a formal approach for designing security requirements, which is flexible for a user to express his/her security requirements with different levels of details and for the system developers to take different options to design and implement the system to s...

Information always comes with security and risk problems. There is the saying that, “The tall tree catches much wind,” and the risks from cloud services will absolutely be more varied and more severe. Nowadays, handling these risks is no longer just a technology problem. So far, a good deal of literature that focuses on risk or security management and frameworks in information systems has alrea...

While conventional business administration-based information technology management methods are applied to the risk analysis of information systems, no security risk analysis techniques have been used in relation to information protection. In particular, given the rapid diffusion of information systems and the demand for information protection, it is vital to develop security risk analysis techn...

Over the past decade information system security issues has been treated mainly from technology perspective. That model of information security management was reactive, mainly technologically driven and rarely aligned to business needs. This paper goes a step further and considers it from the governance view, mainly aligning it with the risk management activities and stressing the necessity for...

............................................................................................................................................3 Acknowledgements...........................................................................................................................4 1 Orientation................................................................................................ 12 1.

Information needs to be transmitted to and from the organisation, and thus may be vulnerable within certain stages along the communications line. If at any stage of the process, the information is compromised, it could have a negative impact on the entire organisation. Protective measures such as disaster recover plans, encryption / decryption, and information systems controls, can minimize or ...