Collaborative risk method for information security management practices: A case context within Turkey
Date: 2010-12-01
Author: Özkan Yıldırım, Sevgi
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.
In this case study, a collaborative risk method for information security management has been analyzed considering the common problems encountered during the implementation of ISO standards in eight Turkish public organizations. This proposed risk method has been applied within different public organizations and it has been demonstrated to be effective and problem-free. The fundamental issue is that there is no legislation that regulates the information security liabilities of the public organizations in Turkey. The findings and lessons learned presented in this case provide useful insights for practitioners when implementing information security management projects in other international public sector organizations.
Subject Keywords: Information security governance, Case process approach, Flow chart, Risk analysis, Information security, ISO/IEC 27002:2005, ISO/IEC 27001:2005
URI: https://hdl.handle.net/11511/31196
Journal: INTERNATIONAL JOURNAL OF INFORMATION MANAGEMENT
DOI: https://doi.org/10.1016/j.ijinfomgt.2010.08.007
Collections: Graduate School of Informatics, Article
Suggestions
A Decision Support System for Optimal Selection of Enterprise Information Security Preventative Actions
Sonmez, Ferda Ozdemir; Günel Kılıç, Banu (2021-09-01)
Types and complexity of information security related vulnerabilities are growing rapidly and present numerous challenges to the enterprises. One of the key challenges is to identify the optimal set of precautions with limited budget. Despite the fact that majority of enterprises have a budget constraint for installing and maintaining the protection systems, the majority of the previous work only focus on prioritization of security targets and do not consider the preventative actions and budget constraints. ...
A Collaborative Process Based Risk Analysis for Information Security Management Systems
Karabacak, Bilge; Özkan Yıldırım, Sevgi (2010-04-09)
Today, many organizations quote intent for ISO/IEC 27001:2005 certification. Also, some organizations are en route to certification or already certified. Certification process requires performing a risk analysis in the specified scope. Risk analysis is a challenging process especially when the topic is information security. Today, a number of methods and tools are available for information security risk analysis. The hard task is to use the best fit for the certification. In this work we have proposed a pro...
On provable security of some public key encryption schemes
Hanoymak, Turgut; Akyıldız, Ersan; Selçuk, Ali Aydın; Department of Cryptography (2012)
In this thesis, we analyse the security criteria of some public key encryption schemes. In this respect, we present the notion of adversarial goals and adversarial capabilities. We give the definition of provably security by means of several games between the challenger and the adversary in some security models, namely the standard model and the random oracle model. We state the main differences between these two models and observe the advantage of the success probability of the adversary in breaking the cr...
Semantic interoperability of the un/cefact ccts based electronic business document standards
Kabak, Yıldıray; Doğaç, Asuman; Department of Computer Engineering (2009)
The interoperability of the electronic documents exchanged in eBusiness applications is an important problem in industry. Currently, this problem is handled by the mapping experts who understand the meaning of every element in the involved document schemas and define the mappings among them which is a very costly and tedious process. In order to improve electronic document interoperability, the UN/CEFACT produced the Core Components Technical Specification (CCTS) which defines a common structure and semanti...
A Conceptual Model for a Metric Based Framework for the Monitoring of Information Security Tasks’ Efficiency
Sönmez, Ferda Özdemir (Elsevier BV; 2019)
Information Security Governance Systems are not adequate to measure the effectiveness and efficiency of security tasks for the enterprises. Although some of the systems offer ways for measurement, they still need the definition of measurement objectives and metrics. This study proposes a conceptual framework mode which has human and tool/process related metrics. This system also allows the collection of evidence data for security-related tasks and ways to motivate the security staff to provide a more produc...
Citation Formats
IEEE
S. Özkan Yıldırım, “Collaborative risk method for information security management practices: A case context within Turkey,” INTERNATIONAL JOURNAL OF INFORMATION MANAGEMENT, pp. 567–572, 2010, Accessed: 00, 2020. [Online]. Available: https://hdl.handle.net/11511/31196.