Risk identification for an information security management system implementation
ISO/IEC 27001 is an international standard that provides a set of requirements for an Information Security Management System (ISMS) implementation. A risk assessment exercise for an ISMS implementation requires human expertise with comprehensive understanding and considerable knowledge in informatio...

| Main Authors: | Ramli, Noraza; A. Aziz, Normaziah |
|---|---|
| Format: | Conference or Workshop Item |
| Language: | English |
| Published: | 2012 |
| Subjects: | QA75 Electronic computers. Computer science |
| Online Access: | http://irep.iium.edu.my/28619/ http://irep.iium.edu.my/28619/4/securware_2012_2_50_30114-1.pdf |

| id | iium-28619 |
|---|---|
| recordtype | eprints |
| spelling | iium-286192013-02-13T10:51:29Z http://irep.iium.edu.my/28619/ Risk identification for an information security management system implementation Ramli, Noraza A. Aziz, Normaziah QA75 Electronic computers. Computer science ISO/IEC 27001 is an international standard that provides a set of requirements for an Information Security Management System (ISMS) implementation. A risk assessment exercise for an ISMS implementation requires human expertise with comprehensive understanding and considerable knowledge in information security. A common risk assessment exercise is based on three sub-processes, namely, risk identification, risk analysis and risk evaluation. The lack of tools especially in the automation of risk identification emphasized the need of experienced personnel and this becomes a challenge for organizations seeking compliance with the ISMS standard. This paper proposes a relationship concept in asset and threat identification which is part of the risk identification sub-process. The concept provides a foundation to automate the risk assessment process for an identified scope of an ISMS implementation. 2012-08 Conference or Workshop Item PeerReviewed application/pdf en http://irep.iium.edu.my/28619/4/securware_2012_2_50_30114-1.pdf Ramli, Noraza and A. Aziz, Normaziah (2012) Risk identification for an information security management system implementation. In: SECURWARE 2012 , The Sixth International Conference on Emerging Security Information, Systems and Technologies , 19 August 2012, Rome, Italy. http://www.thinkmind.org/index.php?view=article&articleid=securware_2012_2_50_30114 |
| repository_type | Digital Repository |
| institution_category | Local University |
| institution | International Islamic University Malaysia |
| building | IIUM Repository |
| collection | Online Access |
| language | English |
| topic | QA75 Electronic computers. Computer science |
| spellingShingle | QA75 Electronic computers. Computer science Ramli, Noraza A. Aziz, Normaziah Risk identification for an information security management system implementation |
| description | ISO/IEC 27001 is an international standard that provides a set of requirements for an Information Security Management System (ISMS) implementation. A risk assessment exercise for an ISMS implementation requires human expertise with comprehensive understanding and considerable knowledge in information security. A common risk assessment exercise is based on three sub-processes, namely, risk identification, risk analysis and risk evaluation. The lack of tools especially in the automation of risk identification emphasized the need of experienced personnel and this becomes a challenge for organizations seeking compliance with the ISMS standard. This paper proposes a relationship concept in asset and threat identification which is part of the risk identification sub-process. The concept provides a foundation to automate the risk assessment process for an identified scope of an ISMS implementation. |
| format | Conference or Workshop Item |
| author | Ramli, Noraza A. Aziz, Normaziah |
| author_facet | Ramli, Noraza A. Aziz, Normaziah |
| author_sort | Ramli, Noraza |
| title | Risk identification for an information security management system implementation |
| title_short | Risk identification for an information security management system implementation |
| title_full | Risk identification for an information security management system implementation |
| title_fullStr | Risk identification for an information security management system implementation |
| title_full_unstemmed | Risk identification for an information security management system implementation |
| title_sort | risk identification for an information security management system implementation |
| publishDate | 2012 |
| url | http://irep.iium.edu.my/28619/ http://irep.iium.edu.my/28619/ http://irep.iium.edu.my/28619/4/securware_2012_2_50_30114-1.pdf |
| first_indexed | 2023-09-18T20:42:09Z |
| last_indexed | 2023-09-18T20:42:09Z |
| _version_ | 1777409436774563840 |