Information security management plays an essential role for drawing the roadmap of information security; thus, many theoretical methodologies and practical standards are brought into this domain. However, many standards and methodologies are too cumbersome to be adopted by an organization. Additionally, there is no unified framework to systematically handle the tedious tasks of information security management. This studys primary goal is to design an integrated system for information security management (ISISM) that aims to use current methodologies and standards to solve the above-mentioned issues. Because business impact analysis and risk analysis are the most important areas within this domain, we carefully select the related methods and then integrate them into a unified framework, upon which the proposed ISISM depends. To achieve this outcome for this study, security requirement engineering is adopted, which enables the designed system to support system users in generating risk assessment reports with related information security policies.
- business impact analysis
- information security management
- information security policy
- risk analysis
- security requirement engineering