Security Information and Risk Management Assessment

Abstract:

This work assesses security and information risks in order to find the optimal values of the risks by applying and comparing different methods for measuring and assessing security risks. By describing the structural characteristics of the standards and methods implemented in the information security management system (ISMS), this paper underlines the necessity, means and effectiveness of information security modeling. The conclusions of this paper highlight the importance of standards and methods of risk management assessment.

Pages: 1522-1527

Online since: November 2015

Copyright: © 2015 Trans Tech Publications Ltd. All Rights Reserved
