A Study on Comparative Analysis of the Information Security Management Systems

Jo, Heasuk; Kim, Seungjoo; Won, Dongho

doi:10.1007/978-3-642-12189-0_44

Cited by 3 publications

(2 citation statements)

References 0 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Therefore, the proposed evaluation checklist can place greater emphasis on risk factors in management security. • Revision of [38], [43], and [44]: In this paper, new revision is as follows: an added and modified checklist(TC and EC), an application of quantitative and qualitative analysis methodology, a separated application of self-evaluation and evaluation committee for information security management evaluation, and an evaluation of ISMES. The best method of ISMES evaluation is a uniform application throughout the real organization.…”

Section: Ismes Evaluationmentioning

confidence: 99%

See 1 more Smart Citation

Advanced Information Security Management Evaluation System

Jo¹,

Kim²,

Won³

2011

KSII TIIS

Self Cite

View full text Add to dashboard Cite

Information security management systems (ISMSs) are used to manage information about their customers and themselves by governments or business organizations following advances in e-commerce, open networks, mobile networks, and Internet banking. This paper explains the existing ISMSs and presents a comparative analysis. The discussion deals with different types of ISMSs. We addressed issues within the existing ISMSs via analysis. Based on these analyses, then we proposes the development of an information security management evaluation system (ISMES). The method can be applied by a self-evaluation of the organization and an evaluation of the organization by the evaluation committee. The contribution of this study enables an organization to refer to and improve its information security levels. The case study can also provide a business organization with an easy method to build ISMS and the reduce cost of information security evaluation.

show abstract

Section: Ismes Evaluationmentioning

confidence: 99%

“…Moreover, this study can be used as a guideline to develop new ISMSs for individual businesses. This paper is expanded and revised based on [38] [43], and [44].…”

Section: Introductionmentioning

confidence: 99%

Advanced Information Security Management Evaluation System

Jo¹,

Kim²,

Won³

2011

KSII TIIS

Self Cite

View full text Add to dashboard Cite

show abstract

Multi-dimensional Security Risk Assessment Model Based on Three Elements in the IoT System

Kang

Deng

Zhu

et al. 2020

2020 IEEE/CIC International Conference on Communications in China (ICCC)

View full text Add to dashboard Cite

Aligning Two Specifications for Controlling Information Security

Nykänen

Kärkkäinen

2014

International Journal of Cyber Warfare and Terrorism

View full text Add to dashboard Cite

Assuring information security is a necessity in modern organizations. Many recommendations for information security management exist, which can be used to define a baseline of information security requirements. ISO/ IEC 27001 prescribes a process for an information security management system, and guidance to implement security controls is provided in ISO/IEC 27002. Finnish National Security Auditing Criteria (KATAKRI) has been developed by the national authorities in Finland as a tool to verify maturity of information security practices. KATAKRI defines both security control objectives and security controls to meet an objective.Here the authors compare and align these two specifications in the process, structural, and operational level, focusing on the security control objectives and the actual controls. Even if both specifications share the same topics on high level, the results reveal the differences in the scope and in the included security controls.

show abstract

A Study on Comparative Analysis of the Information Security Management Systems

Cited by 3 publications

References 0 publications

Advanced Information Security Management Evaluation System

Advanced Information Security Management Evaluation System

Multi-dimensional Security Risk Assessment Model Based on Three Elements in the IoT System

Aligning Two Specifications for Controlling Information Security

Contact Info

Product

Resources

About