Supplementing ISRM models by KRI implementation

Date

2019

Author

Özçakmak, Fuat

Metadata

Show full item record

This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.

Item Usage Stats

4
views

2
downloads

Cite This

Cybersecurity efforts should be spent effectively and timely with regard to where and when they are needed because of the resource requirements. In order to secure Information Technology (IT) systems, The Information Systems Risk Management (ISRM) standards like ISO 27000, NIST 800 series and COBIT 5 frameworks are used as best practices. These standards use a diversity of metrics to monitor the Information Security Management System (ISMS). However, large amounts of money, time and human resources are needed to detect, measure and interpret all. Moreover, these standards do not deal with the resources allocated and senior managements’ concern. To avoid these concerns, Key Risk Indicator (KRI) based risk monitoring can help a significant decrease in the required resources and increase the risk monitoring effectiveness. In this study, a new KRI implementation model that can facilitate risk management, figure out costs, benefits and address stakeholders' concerns, for ISRM standards is proposed.

Subject Keywords

Computer networks, Computer networks Security measures., Information Security Risk Management, Cybersecurity Risk Assessment, Key Risk Indicators, Cybersecurity Metrics, Cost of Cybersecurity.

URI

http://etd.lib.metu.edu.tr/upload/12623326/index.pdf
https://hdl.handle.net/11511/43721

Collections

Graduate School of Social Sciences, Thesis