An integrated system for information security management with the unified framework

Tsung Han Yang*, Cheng-Yuan Ku, Man Nung Liu

*Corresponding author for this work

Research output: Contribution to journalArticlepeer-review

8 Scopus citations

Abstract

Information security management plays an essential role for drawing the roadmap of information security; thus, many theoretical methodologies and practical standards are brought into this domain. However, many standards and methodologies are too cumbersome to be adopted by an organization. Additionally, there is no unified framework to systematically handle the tedious tasks of information security management. This studys primary goal is to design an integrated system for information security management (ISISM) that aims to use current methodologies and standards to solve the above-mentioned issues. Because business impact analysis and risk analysis are the most important areas within this domain, we carefully select the related methods and then integrate them into a unified framework, upon which the proposed ISISM depends. To achieve this outcome for this study, security requirement engineering is adopted, which enables the designed system to support system users in generating risk assessment reports with related information security policies.

Original languageEnglish
Pages (from-to)21-41
Number of pages21
JournalJournal of Risk Research
Volume19
Issue number1
DOIs
StatePublished - 2 Jan 2016

Keywords

  • business impact analysis
  • information security management
  • information security policy
  • risk analysis
  • security requirement engineering

Fingerprint

Dive into the research topics of 'An integrated system for information security management with the unified framework'. Together they form a unique fingerprint.

Cite this