Collaborative risk method for information security management practices: A case context within Turkey

Özkan, Sevgi; Karabacak, Bilge

doi:10.1016/j.ijinfomgt.2010.08.007

Cited by 25 publications

(25 citation statements)

References 8 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…This argument may still hold true, although there has been published empirical studies on information security issues since the Kotulic and Clark study (e.g. [39,86,115,43]), there is still a gap regarding ISRA practices. Sufficient to say, ISRM as a research field presents several interesting research problems.…”

Section: Research Problem and Motivationmentioning

confidence: 99%

“…Which makes it a challenge to detect and treat risks within human performance, human errors, and organization wide factors [35]. While Ozkan and Karabacak [115] point to a similar misconception: such as IS being a purely technical task that can be successfully performed by the IT department only, IS is company-wide and the IT department in general does not have sufficient power to run such a program and seldom have a holistic view of the organization. The same authors also highlight the misconception that consultancy firms can and should achieve IS management for an organization.…”

Section: Level 1 Information Securitymentioning

confidence: 99%

“…Zhiwei further claims that safeguarding information should not be the main target of information security it should be to guarantee the reliability and security in the operational processes and goals in the organization. Ozkan and Karabacak [115] points to the lack of knowledge from IS/IT professionals regarding the intersection between business and IT processes as being a problem, a risk assessment will lack completeness and produce erroneous results if the practitioners do not have a firm grasp of the business processes. Another cause for organizational disconnect in ISRM mentioned by Ozkan and Karabacak [115] is when the IT-department are being the drivers and doers of ISRM and ISMS work.…”

Section: Level 3 Context Establishment Lack Of Validation and Testingmentioning

confidence: 99%

See 2 more Smart Citations

Cyber Security Risk Assessment of a DDoS Attack

Wangen¹,

Shalaginov²,

Hallstensen³

2016

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Section: Research Problem and Motivationmentioning

confidence: 99%

Section: Level 1 Information Securitymentioning

confidence: 99%

Section: Level 3 Context Establishment Lack Of Validation and Testingmentioning

confidence: 99%

See 1 more Smart Citation

Cyber Security Risk Assessment of a DDoS Attack

Wangen¹,

Shalaginov²,

Hallstensen³

2016

Lecture Notes in Computer Science

View full text Add to dashboard Cite

“…Ozkan and Karabacak [22] suggests that process modeling can be used to ease the use of risk analysis methods and move the IS focus from hardware and software over to IT processes. The authors suggests using process modeling to model the activities of the information processing and to determine the scope of the risk analysis.…”

Section: Related Workmentioning

confidence: 99%

“…However, these external groups are per BPM definition not important stakeholders, ISO/IEC 27001:2013 address the stakeholder needs in section 4.2 Understanding the needs and expectations of interested parties, but we can not see this reflected in the control objectives. The ISMS-program risk failing if key stakeholders lose interest, several instances of failure due to not having sufficiently powerful allies is highlighted in [22]. Although not completely neglected by IS, there is a clear gap between how much emphasis BPM and ISRM put on stakeholder management.…”

Section: B Summary Of Comparison Bpm and Isrmmentioning

confidence: 99%

A Comparison between Business Process Management and Information Security Management

Wangen¹,

Snekkenes²

2014

Annals of Computer Science and Information Systems

View full text Add to dashboard Cite

Abstract-Information Security Standards such as NIST SP 800-39 and ISO/IEC 27005:2011 are turning their scope towards business process security. And rightly so, as introducing an information security control into a business-processing environment is likely to affect business process flow, while redesigning a business process will most certainly have security implications. Hence, in this paper, we investigate the similarities and differences between Business Process Management (BPM) and Information Security Management (ISM), and explore the obstacles and opportunities for integrating the two concepts. We compare three levels of abstraction common for both approaches; top-level implementation strategies, organizational risk views & associated tasks, and domains. With some minor differences, the comparisons shows that there is a strong similarity in the implementation strategies, organizational views and tasks of both methods. The domain comparison shows that ISM maps to the BPM domains; however, some of the BPM domains have only limited support in ISM.

show abstract

Managing IT and Cyber Risks in Supply Chains

Gaudenzi

Siciliano

2017

Supply Chain Risk Management

View full text Add to dashboard Cite

Collaborative risk method for information security management practices: A case context within Turkey

Cited by 25 publications

References 8 publications

Cyber Security Risk Assessment of a DDoS Attack

Cyber Security Risk Assessment of a DDoS Attack

A Comparison between Business Process Management and Information Security Management

Managing IT and Cyber Risks in Supply Chains

Contact Info

Product

Resources

About