Managing vulnerabilities of information systems to security incidents
ICEC '03 Proceedings of the 5th international conference on Electronic commerce
Security in Computing (4th Edition)
Security in Computing (4th Edition)
An Information Security Governance Framework
Information Systems Management
Challenges and complexities of managing information security
International Journal of Electronic Security and Digital Forensics
| Hi-index | 0.00 |
The widespread adoption of information and communication technology has promoted an increase dependency of organisations from the performance of their information systems. As a result, adequate security procedures to properly manage information security must be established by the organisations, in order to protect their valued or critical resources from accidental or intentional attacks, and ensure their normal activity. A conceptual security framework to manage and audit information system security is proposed and discussed. The proposed framework intends to assist organisations firstly, to understand what assets precisely need to be protect and what are their weaknesses (vulnerabilities), enabling to perform an adequate security management. Secondly, enabling a simple security auditing process to support the organisation to assess the efficiency of the controls and policy adopted to prevent or mitigate attacks, threats and vulnerabilities, promoted by the advances of new technologies and new internet-enabled services. The presented framework is based on a conceptual model approach, comprising the semantic description of the concepts defined in information security domain, based on the ISO/IEC_JCT1 standards.