IIUM Repository

Risk identification for an information security management system implementation

Ramli, Noraza and A. Aziz, Normaziah (2012) Risk identification for an information security management system implementation. In: SECURWARE 2012, The Sixth International Conference on Emerging Security Information, Systems and Technologies, 19 August 2012, Rome, Italy.


Abstract

ISO/IEC 27001 is an international standard that provides a set of requirements for an Information Security Management System (ISMS) implementation. A risk assessment exercise for an ISMS implementation requires human expertise with comprehensive understanding and considerable knowledge of information security. A common risk assessment exercise is based on three sub-processes, namely risk identification, risk analysis and risk evaluation. The lack of tools, especially for automating risk identification, emphasizes the need for experienced personnel, and this becomes a challenge for organizations seeking compliance with the ISMS standard. This paper proposes a relationship concept in asset and threat identification, which is part of the risk identification sub-process. The concept provides a foundation for automating the risk assessment process for an identified scope of an ISMS implementation.

Item Type: Conference or Workshop Item (Full Paper)
Additional Information: 5505/28619
Subjects: Q Science > QA Mathematics > QA75 Electronic computers. Computer science
Kulliyyahs/Centres/Divisions/Institutes: Kulliyyah of Information and Communication Technology > Department of Computer Science
Depositing User: Assoc. Pro Normaziah Abdul Aziz
Date Deposited: 18 Jan 2013 14:15
Last Modified: 13 Feb 2013 18:51
URI: http://irep.iium.edu.my/id/eprint/28619
