Supplementing ISRM models by KRI implementation

Özçakmak, Fuat
Cybersecurity efforts should be spent effectively and in a timely manner, directed to where and when they are needed, because of the resources they require. To secure Information Technology (IT) systems, Information Systems Risk Management (ISRM) standards such as ISO 27000, the NIST 800 series and the COBIT 5 framework are used as best practices. These standards use a diversity of metrics to monitor the Information Security Management System (ISMS). However, large amounts of money, time and human resources are needed to detect, measure and interpret all of them. Moreover, these standards do not address the resources allocated or senior management's concerns. To address these shortcomings, Key Risk Indicator (KRI) based risk monitoring can significantly decrease the required resources and increase the effectiveness of risk monitoring. In this study, a new KRI implementation model for ISRM standards is proposed that can facilitate risk management, determine costs and benefits, and address stakeholders' concerns.
