TY - JOUR
T1 - An integrated system for information security management with the unified framework
AU - Yang, Tsung Han
AU - Ku, Cheng-Yuan
AU - Liu, Man Nung
N1 - Publisher Copyright:
© 2014 Taylor & Francis.
PY - 2016/1/2
Y1 - 2016/1/2
N2 - Information security management plays an essential role for drawing the roadmap of information security; thus, many theoretical methodologies and practical standards are brought into this domain. However, many standards and methodologies are too cumbersome to be adopted by an organization. Additionally, there is no unified framework to systematically handle the tedious tasks of information security management. This study's primary goal is to design an integrated system for information security management (ISISM) that aims to use current methodologies and standards to solve the above-mentioned issues. Because business impact analysis and risk analysis are the most important areas within this domain, we carefully select the related methods and then integrate them into a unified framework, upon which the proposed ISISM depends. To achieve this outcome for this study, security requirement engineering is adopted, which enables the designed system to support system users in generating risk assessment reports with related information security policies.
AB - Information security management plays an essential role for drawing the roadmap of information security; thus, many theoretical methodologies and practical standards are brought into this domain. However, many standards and methodologies are too cumbersome to be adopted by an organization. Additionally, there is no unified framework to systematically handle the tedious tasks of information security management. This study's primary goal is to design an integrated system for information security management (ISISM) that aims to use current methodologies and standards to solve the above-mentioned issues. Because business impact analysis and risk analysis are the most important areas within this domain, we carefully select the related methods and then integrate them into a unified framework, upon which the proposed ISISM depends. To achieve this outcome for this study, security requirement engineering is adopted, which enables the designed system to support system users in generating risk assessment reports with related information security policies.
KW - business impact analysis
KW - information security management
KW - information security policy
KW - risk analysis
KW - security requirement engineering
UR - http://www.scopus.com/inward/record.url?scp=84948587754&partnerID=8YFLogxK
U2 - 10.1080/13669877.2014.940593
DO - 10.1080/13669877.2014.940593
M3 - Article
AN - SCOPUS:84948587754
SN - 1366-9877
VL - 19
SP - 21
EP - 41
JO - Journal of Risk Research
JF - Journal of Risk Research
IS - 1
ER -