Ramli, Noraza and A. Aziz, Normaziah (2012) Risk identification for an information security management system implementation. In: SECURWARE 2012, The Sixth International Conference on Emerging Security Information, Systems and Technologies, 19 August 2012, Rome, Italy.
Full text: PDF, Published Version (97kB), restricted to registered users only.
Abstract
ISO/IEC 27001 is an international standard that provides a set of requirements for an Information Security Management System (ISMS) implementation. A risk assessment exercise for an ISMS implementation requires human expertise with comprehensive understanding and considerable knowledge of information security. A common risk assessment exercise is based on three sub-processes, namely risk identification, risk analysis and risk evaluation. The lack of tools, especially for the automation of risk identification, emphasizes the need for experienced personnel, and this becomes a challenge for organizations seeking compliance with the ISMS standard. This paper proposes a relationship concept in asset and threat identification, which is part of the risk identification sub-process. The concept provides a foundation to automate the risk assessment process for an identified scope of an ISMS implementation.
Item Type: | Conference or Workshop Item (Full Paper) |
---|---|
Additional Information: | 5505/28619 |
Subjects: | Q Science > QA Mathematics > QA75 Electronic computers. Computer science |
Kulliyyahs/Centres/Divisions/Institutes: | Kulliyyah of Information and Communication Technology > Department of Computer Science |
Depositing User: | Dr. Normaziah Abdul Aziz |
Date Deposited: | 18 Jan 2013 14:15 |
Last Modified: | 13 Feb 2013 18:51 |
URI: | http://irep.iium.edu.my/id/eprint/28619 |