A Collaborative Process Based Risk Analysis for Information Security Management Systems
Date
2010-04-09
Author
Karabacak, Bilge
Özkan Yıldırım, Sevgi
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.
Today, many organizations state their intent to obtain ISO/IEC 27001:2005 certification, and some are en route to certification or already certified. The certification process requires performing a risk analysis in the specified scope. Risk analysis is a challenging process, especially when the topic is information security. A number of methods and tools are available for information security risk analysis; the hard task is to use the one that best fits the certification. In this work we propose a process-based risk analysis method that is suitable for ISO/IEC 27001:2005 certifications. Our risk analysis method allows staff to participate in determining the scope and provides a good fit for the certification process. The proposed method has been applied in an organization, and the results of the applications are shared with the audience. The proposed collaborative risk analysis method allows for the participation of staff and managers while still being manageable in a timely manner to uncover crucial information security risks.
Subject Keywords
ISO/IEC 27001:2005, Information security, Risk analysis, Flow chart, Process approach
URI
https://hdl.handle.net/11511/53069
Conference Name
5th International Conference on Information Warfare and Security
Collections
Graduate School of Informatics, Conference / Seminar
Citation
B. Karabacak and S. Özkan Yıldırım, “A Collaborative Process Based Risk Analysis for Information Security Management Systems,” presented at the 5th International Conference on Information Warfare and Security, Air Force Inst Technol, Wright Patterson AFB, OH, 2010, Accessed: 00, 2020. [Online]. Available: https://hdl.handle.net/11511/53069.