A process framework for information security management

Bibliographic details
Principal author: Haufe, Knut
Publication date: 2022
Other authors: Colomo-Palacios, Ricardo; Dzombeta, Srdan; Brandis, Knud; Stantchev, Vladimir
Document type: Article
Language: eng
Source title: Repositório Científico de Acesso Aberto de Portugal (Repositórios Científicos)
Full text: https://doi.org/10.12821/ijispm040402
Abstract: Securing sensitive organizational data has become increasingly vital to organizations. An Information Security Management System (ISMS) is a systematic approach to establishing, implementing, operating, monitoring, reviewing, maintaining and improving an organization's information security. Key elements of the operation of an ISMS are its processes. However, despite their importance, an ISMS process framework that describes the ISMS processes, their interaction with one another, and their interaction with other management processes is not available in the literature. Cost-benefit analysis of information security investments, both in single measures that protect information and in ISMS processes, is not the focus of current research, which concentrates mostly on economics. This article aims to fill this research gap by proposing such an ISMS process framework as its main contribution. The framework is based on the set of ISMS processes agreed upon in existing standards such as the ISO 27000 series, COBIT and ITIL. Within the framework, the identified processes are described and their interactions and interfaces are specified. The framework helps to focus on the operation of the ISMS rather than on individual measures and controls. As a main finding, this strengthens the systemic character of the ISMS as a set of processes and the perception of the relevant ISMS roles.
Keywords: information security; IT security management; ISMS; process framework
Authors: Haufe, Knut; Colomo-Palacios, Ricardo; Dzombeta, Srdan; Brandis, Knud; Stantchev, Vladimir
Publisher: UMinho Editora
Date: 2022-02-02 (published version; article; application/pdf)
Source: International Journal of Information Systems and Project Management; Vol. 4 No. 4 (2016); 27-47
ISSN: 2182-7788
DOI: https://doi.org/10.12821/ijispm040402
Article page: https://revistas.uminho.pt/index.php/ijispm/article/view/3859
PDF: https://revistas.uminho.pt/index.php/ijispm/article/view/3859/3912
Rights: open access
Repository: Repositório Científico de Acesso Aberto de Portugal (Repositórios Científicos) - Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informação (RCAAP)