Supplementing ISRM models by KRI implementation
Date: 2019
Author: Özçakmak, Fuat
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.
Because of their resource requirements, cybersecurity efforts should be spent effectively and in a timely manner, where and when they are needed. In order to secure Information Technology (IT) systems, Information Systems Risk Management (ISRM) standards such as ISO 27000, the NIST 800 series and the COBIT 5 framework are used as best practices. These standards use a diversity of metrics to monitor the Information Security Management System (ISMS). However, large amounts of money, time and human resources are needed to detect, measure and interpret all of them. Moreover, these standards do not deal with the resources allocated or with senior management's concerns. To address these concerns, Key Risk Indicator (KRI) based risk monitoring can help achieve a significant decrease in the required resources and an increase in risk monitoring effectiveness. In this study, a new KRI implementation model for ISRM standards is proposed that can facilitate risk management, work out costs and benefits, and address stakeholders' concerns.
Subject Keywords: Computer networks; Computer networks Security measures; Information Security Risk Management; Cybersecurity Risk Assessment; Key Risk Indicators; Cybersecurity Metrics; Cost of Cybersecurity.
URI
http://etd.lib.metu.edu.tr/upload/12623326/index.pdf
https://hdl.handle.net/11511/43721
Collections
Graduate School of Social Sciences, Thesis
Citation (IEEE)
F. Özçakmak, “Supplementing ISRM models by KRI implementation,” Thesis (M.S.) -- Graduate School of Social Sciences. Science and Technology Policy Studies., Middle East Technical University, 2019.