A Collaborative Process Based Risk Analysis for Information Security Management Systems

2010-04-09
Karabacak, Bilge
Özkan Yıldırım, Sevgi
Today, many organizations state their intent to obtain ISO/IEC 27001:2005 certification, and some are already en route to certification or certified. The certification process requires performing a risk analysis within the specified scope. Risk analysis is a challenging process, especially when the topic is information security. A number of methods and tools are available today for information security risk analysis; the hard task is to choose the one that best fits the certification. In this work we propose a process based risk analysis method suitable for ISO/IEC 27001:2005 certifications. Our risk analysis method allows staff to participate in determining the scope and provides a good fit for the certification process. The proposed method has been applied in an organization, and the results of that application are shared with the audience. The proposed collaborative risk analysis method allows for the participation of staff and managers while remaining manageable within a reasonable time frame, so that crucial information security risks are uncovered.

Citation Formats
B. Karabacak and S. Özkan Yıldırım, “A Collaborative Process Based Risk Analysis for Information Security Management Systems,” presented at the 5th International Conference on Information Warfare and Security, Air Force Inst Technol, Wright Patterson AFB, OH, 2010, Accessed: 00, 2020. [Online]. Available: https://hdl.handle.net/11511/53069.