Improvement of Information System Security Risk Management

Cited by: 0
Authors
Abbass, Wissam [1 ]
Baina, Amine [1 ]
Bellafkih, Mostafa [1 ]
Affiliation
[1] Natl Inst Posts & Telecommun INPT, STRS Lab, RAI2S Team, Rabat, Morocco
Keywords
Information system security risk management; Information system security risk management alignment; Security modeling; Enterprise Architecture Management; IT risk management;
DOI
Not available
Chinese Library Classification (CLC) number
TP [Automation technology, computer technology];
Subject classification code
0812 ;
Abstract
Information System Security Risk Management (ISSRM) is essential to an organization's business success. ISSRM protects information availability, integrity, and privacy. However, it remains difficult to establish and maintain, especially in today's organizations, where operations are conducted in a complex and interconnected context. The aim of this paper is to highlight the contribution of Enterprise Architecture Management (EAM) to improving ISSRM. When an organization's business services and strategic planning are aligned with proactive ISSRM activities, a well-defined strategy to reach business value is achieved. For this purpose, we first explore risk management methods and security modeling languages to understand why EAM would be beneficial. The contribution of this paper is an ISSRM model described by the constructs of ArchiMate, a well-known EAM modeling language.
Pages: 182 - 187
Number of pages: 6
Related papers
50 in total
  • [1] Survey on Information System Security Risk Management alignment
    Abbass, Wissam
    Baina, Amine
    Bellafkih, Mostafa
    [J]. 2016 INTERNATIONAL CONFERENCE ON INFORMATION TECHNOLOGY FOR ORGANIZATIONS DEVELOPMENT (IT4OD), 2016,
  • [2] INFORMATION SECURITY OF THE BANK IN THE OPERATIONAL RISK MANAGEMENT SYSTEM
    Bezshtanko, D. V.
    [J]. FINANCIAL AND CREDIT ACTIVITY-PROBLEMS OF THEORY AND PRACTICE, 2012, 1 (12):
  • [3] Risk management system as the basic paradigm of the information security management system in an organization
    Hoffmann, Romuald
    Kiedrowicz, Maciej
    Stanik, Jerzy
    [J]. 20TH INTERNATIONAL CONFERENCE ON CIRCUITS, SYSTEMS, COMMUNICATIONS AND COMPUTERS (CSCC 2016), 2016, 76
  • [4] Information Security Risk Assessment for the Malaysian Aeronautical Information Management System
    Alwi, Alfian
    Ariffin, Khairul Akram Zainol
    [J]. PROCEEDINGS OF THE 2018 CYBER RESILIENCE CONFERENCE (CRC), 2018,
  • [5] Application of Six Sigma Tools For Improvement of Information Security Management System
    Olaru, Marieta
    Ionescu, Razvan Cristian
    Maftei, Mihaela
    Ilie, Cristian
    [J]. VISION 2020: SUSTAINABLE ECONOMIC DEVELOPMENT, INNOVATION MANAGEMENT, AND GLOBAL GROWTH, VOLS I-IX, 2017, 2017, : 5779 - 5784
  • [6] The Information Security Risk Management
    Semin, Valeriy G.
    Shmakova, Elena G.
    Los, Lexei B.
    [J]. PROCEEDINGS OF THE 2017 INTERNATIONAL CONFERENCE QUALITY MANAGEMENT,TRANSPORT AND INFORMATION SECURITY, INFORMATION TECHNOLOGIES (IT&QM&IS), 2017, : 106 - 109
  • [7] Information security and risk management
    Bodin, Lawrence D.
    Gordon, Lawrence A.
    Loeb, Martin P.
    [J]. COMMUNICATIONS OF THE ACM, 2008, 51 (04) : 64 - 68
  • [8] Research of Information System Security Risk Management based on Probability Model and Security Entropy
    Du, Jiawei
    Zhou, Ying
    Guo, Ronghua
    Zhang, Xing
    Suo, Guowei
    [J]. INTERNATIONAL CONFERENCE ON COMPUTER SCIENCE AND APPLICATION ENGINEERING (CSAE), 2017, 190 : 414 - 420
  • [9] Security through Information Risk Management
    Johnson, M. Eric
    Goetz, Eric
    Pfleeger, Shari Lawrence
    [J]. IEEE SECURITY & PRIVACY, 2009, 7 (03) : 45 - 52
  • [10] The Quantification Management of Information Security Risk
    Lao, Guoling
    Wang, Liping
    [J]. 2008 4TH INTERNATIONAL CONFERENCE ON WIRELESS COMMUNICATIONS, NETWORKING AND MOBILE COMPUTING, VOLS 1-31, 2008, : 10377 - 10380