Methodology and algorithm of information security risk management for local infrastructure
SM ISO690:2012
BULAI, Rodica; CIORBĂ, Dumitru; POŞTARU, Andrei; CALIN, Rostislav. Methodology and algorithm of information security risk management for local infrastructure. In: Central and Eastern European eDem and eGov Days. 4-5 May 2017, Budapest. Vienna, Austria: Facultas Verlags- und Buchhandels AG, 2017, pp. 399-410. ISBN 978-3-903035-14-0.
Central and Eastern European eDem and eGov Days 2017
Conference "Central and Eastern European eDem and eGov Days"
Budapest, Hungary, 4-5 May 2017

Methodology and algorithm of information security risk management for local infrastructure

UDC: 004.056.5:005

Pages 399-410

Bulai Rodica, Ciorbă Dumitru, Poştaru Andrei, Calin Rostislav
 
Technical University of Moldova
 
Available in IBN: 21 December 2018


Abstract

The complexity of information security is not limited to mere technicality; significant liability is transferred to proper management. Risk analysis in information security is a powerful tool that helps managers make decisions about the implementation of efficient information management systems, in order to achieve the organization's mission. As a part of risk management, risk analysis is the systematic application of methods, techniques and management practices to assess the context and to identify, analyze, evaluate, treat, monitor and communicate the risks to information security and to the systems through which information is processed, stored or transmitted. The standard ISO/IEC 27005:2011, Information security risk management, does not specify any particular method for managing the risks associated with information security, but only a general approach. It is up to the organization to devise control objectives that reflect specific approaches to risk management and the degree of assurance required. There are several models, methodologies and tools, among them CRAMM (United Kingdom, Insight Consulting), Risicare/Mehari (France, Clusif) and GSTool (Germany, IT-Grundschutz). The theoretical model of the mentioned methodologies is hard to put into practice without the experience required from the members of the risk analysis team. Using the appropriate risk assessment solution, an organization can devise its own security requirements.