Technical analysis of enterprise information security

2014 ◽  
Author(s):  
Ying Wu
Keyword(s):  
Information Security ◽  
Technical Analysis ◽  
Enterprise Information

scholarly journals SELECTING SAFETY PACKAGE COMPONENTS OF ENTERPRISE INFORMATION SYSTEM FOLLOWING REQUIREMENTS OF STANDARD LEGAL DOCUMENTS

2018 ◽  
Vol 18 (3) ◽  
pp. 333-338
Author(s):  
E. A. Vitenburg ◽  
A. A. Levtsova
Keyword(s):  
Information System ◽  
Information Security ◽  
International Standards ◽  
Protection System ◽  
Enterprise Information System ◽  
Enterprise Information ◽  
Research Results ◽  
Legal Documents ◽  
The Russian Federation ◽  
Selection Of

Introduction. Production processes quality depends largely on the management infrastructure, in particular, on the information system (IS) effectiveness. Company management pays increasingly greater attention to the safety protection of this sphere. Financial, material and other resources are regularly channeled to its support. In the presented paper, some issues on the development of a safety enterprise information system are considered.Materials and Methods. Protection of the enterprise IS considers some specific aspects of the object, and immediate threats to IT security. Within the framework of this study, it is accepted that IS are a complex of data resources. A special analysis is resulted in determining categories of threats to the enterprise information security: hacking; leakage; distortion; loss; blocking; abuse. The connection of these threats, IS components and elements of the protection system is identified.  The requirements of normative legal acts of the Russian Federation and international standards regulating this sphere are considered. It is shown how the analysis results enable to validate the selection of the elements of the IS protection system.Research Results. A comparative analysis of the regulatory literature pertinent to this issue highlights the following. Different documents offer a different set of elements (subsystems) of the enterprise IS protection system. To develop an IS protection program, you should be guided by the FSTEC Order No. 239 and 800-82 Revision 2 Guide to ICS Security.Discussion and Conclusions. The presented research results are the basis for the formation of the software package of intellectual support for decision-making under designing an enterprise information security system. In particular, it is possible to develop flexible systems that allow expanding the composition  of the components (subsystems).

Enterprise Information Security Policies, Standards, and Procedures

2012 ◽  
pp. 67-89
Author(s):  
Syed Irfan Nabi ◽  
Ghmlas Saleh Al-Ghmlas ◽  
Khaled Alghathbar
Keyword(s):  
Information Security ◽  
Security Policies ◽  
Mutual Relationship ◽  
Enterprise Information ◽  
Key Players ◽  
Different Types ◽  
Standards And Guidelines ◽  
Security Standards ◽  
National Information

This chapter explores enterprise information security policies, standards, and procedures. It examines the existing resources, analyses the available options, and offers recommendations to the CIOs and other people that have to make decisions about policies, standards, and procedures to ensure information security in their enterprise. Additionally, the need, requirements, and audience for different types of security documents are scrutinized. Their mutual relationship is examined, and the association among them is illustrated with a diagram supplemented by an example to bring about better comprehension of these documents. It is important to know the sources and organizations that make standards and guidelines. Therefore, the major ones are discussed. This research involved finding all of the relevant documents and analyzing the reasons for the ever-increasing number of newer ones and the revisions of the existing ones. Various well-known and established international, as well as national, information security standards and guidelines are listed to provide a pertinent collection from which to choose. The distinguishing factors and common attributes are researched to make it easier to classify these documents. Finally, the crux of the chapter involves recommending appropriate information security standards and guidelines based on the sector to which an organization belongs. An analysis of the role played by these standards and guidelines in the effectiveness of information security is also discussed, along with some caveats. It is important for practitioners and researchers to know what is available, who the key players are, and the potential issues with information security standards and guidelines; they are all concisely presented in this chapter.

Aligning IT Teams' Risk Management to Business Requirements

2011 ◽  
pp. 301-315 ◽  
Author(s):  
Corey Hirsch ◽  
Jean-Noel Ezingeard
Keyword(s):  
Risk Management ◽  
Risk Perception ◽  
Information Security ◽  
Risk Perceptions ◽  
Management Strategy ◽  
Risk Tolerance ◽  
Management Teams ◽  
Enterprise Information ◽  
Management Plans ◽  
Perceive Risk

Achieving alignment of risk perception, assessment, and tolerance among and between management teams within an organisation is an important foundation upon which an effective enterprise information security management strategy can be built .We argue the importance of such alignment based on information security and risk assessment literature. Too often lack of alignment dampens clean execution of strategy, eroding support during development and implementation of information security programs . We argue that alignment can be achieved by developing an understanding of enterprise risk management plans and actions, risk perceptions and risk culture. This is done by examining context, context and process. We illustrate this through the case of LeCroy Corp., illustrating how LeCroy managers perceive risk in practice, and how LeCroy fosters alignment in risk perception and execution of risk management strategy as part of an overall information security program. We show that in some circumstances diversity of risk tolerance profiles aide a management teams’ function. In other circumstances, variances lead to dysfunction. We have uncovered and quantified nonlinearities and special cases in LeCroy executive management’s risk tolerance profiles.

Sign in / Sign up

Export Citation Format

Share Document