Implementation of OCTAVE-S and ISO 27001 Controls in Risk Management Information Systems
DOI: https://doi.org/10.21512/comtech.v5i2.2225
Keywords: risk management, ISO/IEC 27001:2005, OCTAVE-S, risk assessment
Abstract
The extensive use of information technology in companies has placed IT in a position of considerable concern, especially in large companies where IT has become a strategic part of the business. The importance of the IT division makes companies willing to pay a great deal for the benefits IT offers, but on the other hand disappointment arises when investments are not matched by the results obtained, and threats appear that disrupt the company's business. Performing risk management with OCTAVE-S, particularly in smaller companies, can help a company grow: the company can identify the weaknesses and threats that may arise and could disrupt its business, aided by the standard controls of ISO/IEC 27001:2005, which also helps the company prepare to implement ISO/IEC 27001:2005 later.
License
Authors who publish with this journal agree to the following terms:
a. Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License - Share Alike that allows others to share the work with an acknowledgment of the work's authorship and initial publication in this journal.
b. Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgment of its initial publication in this journal.
c. Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work.
USER RIGHTS
All articles published Open Access will be immediately and permanently free for everyone to read and download. We are continuously working with our author communities to select the best choice of license options, currently being defined for this journal as follows: