Information Safety Process Development According to ISО 27001 for an Industrial Enterprise

Syreyshchikova, N. V.; Pimenov, Danil Yurievich; Mikołajczyk, Tadeusz; Moldovan, Liviu

doi:10.1016/j.promfg.2019.02.215

Cited by 23 publications

(7 citation statements)

References 1 publication

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The risk management terminology itself was coined for the first time about 50 years ago, while the practical application of risk management originated in the field of insurance in the context of insurance coverage purchasing by beneficiaries (Padanyi 1971;Samson 1987). At present, there exists a significant number of works on the practical use of risk management in various fields: in construction (Mills 2021), transportation (Curtis et al 2012), energy (Scott and Perry 2012), and food industries (Prata et al 2020), in tourism and services (Healy et al 2020), in the financial sector (Ghasemi and Ghasemi 2020), education (Syreyshchikova et al 2020b;Ulven and Wangen 2021), investment business (Uuskoski et al 2020), and entrepreneurship (Andreeva 2021), and over the recent decade, in nanotechnology (Lee et al 2010), the information sphere (Kondratyeva et al 2021), and information safety (Syreyshchikova et al 2019). Practically no works have been written on the application of risk management in such an economically important sector as the metallurgical industry.…”

Section: Introductionmentioning

confidence: 99%

Managing Risks in the Improved Model of Rolling Mill Loading: A Case Study

Syreyshchikova

Pimenov

Yaroslavova

et al. 2021

JRFM

View full text Add to dashboard Cite

This article reflects the main sources of risks for metallurgical enterprises in Russia, presenting the implementation of an innovative approach to increasing the competitiveness of an industrial enterprise, which is a typical representative of large enterprises of the metallurgical industry, based on the development of risk-oriented thinking when loading rolling mills with orders of intersecting assortment according to a new model. To reduce the emerging risks of a new model of the loading process of rolling mills of a metallurgical enterprise, it is proposed to take into account the risks in a complex way, taking into account their interactions with the use of integrated risk management (IRM). Practical development of the implemented approach was carried out by identifying the risks of the new improved loading process and their causes at each stage of the process. Risks were identified by analysis, qualitative and quantitative assessment of the likelihood of risks and the severity of consequences from their implementation with the establishment of events with a high potential hazard. Possible causes of hazardous events have been identified. To reduce the likelihood of unfavorable events, measures have been developed to influence significant risks and their effectiveness has been determined. The development of an innovative approach using risk-based thinking in a previously unexplored field of the application provides competitive advantages for enterprises of the metallurgical industry, increases income by reducing the cost of manufacturing products and production volumes by reducing time costs, achieving an economic efficiency of up to 10 million rubles per year. The practical significance of the dissemination of development results in similar industries is obvious and relevant for metallurgy as a whole.

show abstract

Section: Introductionmentioning

confidence: 99%

Managing Risks in the Improved Model of Rolling Mill Loading: A Case Study

Syreyshchikova

Pimenov

Yaroslavova

et al. 2021

JRFM

View full text Add to dashboard Cite

show abstract

“…Most of them are of proprietary type, and are used specifically within audit firms for their commercial activity. allowing organizations to conduct internal audits in order to know their vulnerabilities and support risk management, and therefore, increase the chance of achieving certification during external audits [14][15]. The SANI tool, developed from this project, provides services of confidentiality, authentication and strong access control to generate trust in organizations about the treatment of sensitive data.…”

Section: Methodological Developmentmentioning

confidence: 99%

SANI: Assistant for Information Security Auditing on ISO/IEC 27001

Franco-Mora,

Porras-Castro,

Corredor-Chavarro

et al. 2019

Vis. Electron.

View full text Add to dashboard Cite

Information security is a fundamental aspect to any organization, not something exclusive to large companies. Implementing good practices in security management is relevant to being competitive in the context, however, adopting a standard in this regard is a tedious and expensive process for small companies. Audits are part of the proper management of information security, as these help to prevent incidents and mitigate risks on information assets. Many auditing applications are developed and executed in private technological settings, are expensive and not available to the community, or focus on functionality, but have serious difficulties in guaranteeing or documenting confidentiality and anonymity services. With this problem in mind, SANI, an alternative tool that implements these capabilities, was designed, developed, and tested in a real operating scenario.

show abstract

“…The second suggestions it is hoped that the Communication and Information Department Mojokerto will carry out a security analysis of the information system again by using the entire ISO 27002 security clause and control after the Communication and Information Department Mojokerto performs physical and environmental security improvements [18].…”

Section: Suggestionmentioning

confidence: 99%

“…The ISO 27002:2013 standard was chosen with the consideration that this standard is very flexible to be developed depending on the needs of the organization, organizational goals, security requirements, business processes, number of employees and the size of the organizational structure [4]. In addition, another consideration is that ISO 27002 provides an internationally recognized Information Security Management System (ISMS) implementation certificate called Information Security Management System (ISMS) certification [5]. ISO/IEC 27002 was developed to provide guidance on implementing information security.…”

Section: Introductionmentioning

confidence: 99%

An Analysis of Physical and Environmental Security in Communication and Information Department Mojokerto

et al. 2021

View full text Add to dashboard Cite

This study aims to provide an overview to the Communication and Information Department Mojokerto regarding the maturity level of physical and environmental security management at the agency, as well as to provide future recommendations. The results of research related to physical and environmental safety using the ISO 27002 standard, indicate that the level of physical and environmental security at the Communication and Information Department Mojokerto is still relatively low. Things that are still lacking include the lack of protection from external threats such as natural disasters, as well as the lack of care and maintenance of infrastructure. The maturity level of physical and environmental security control is 0.85 which is still at level 1 or Initial Ad Hoc from a maximum value of 5, which is at the Optimized level. It can be concluded that Communication and Information Department Mojokerto only knows that there are things that need attention but there is no standardization of the process. With this research, it is hoped that the Communication and Information Department Mojokerto can make improvements to improve physical and environmental security. In addition, it is also a consideration to obtain ISMS Certification with the ISO 27002 standard in the future.

show abstract

Information Safety Process Development According to ISО 27001 for an Industrial Enterprise

Cited by 23 publications

References 1 publication

Managing Risks in the Improved Model of Rolling Mill Loading: A Case Study

Managing Risks in the Improved Model of Rolling Mill Loading: A Case Study

SANI: Assistant for Information Security Auditing on ISO/IEC 27001

An Analysis of Physical and Environmental Security in Communication and Information Department Mojokerto

Contact Info

Product

Resources

About