Open Access. Powered by Scholars. Published by Universities.®
Physical Sciences and Mathematics Commons™
Open Access. Powered by Scholars. Published by Universities.®
Articles 1 - 4 of 4
Full-Text Articles in Physical Sciences and Mathematics
A Collaborative Process Based Risk Analysis For Information Security Management Systems, Bilge Karabacak, Sevgi Ozkan
A Collaborative Process Based Risk Analysis For Information Security Management Systems, Bilge Karabacak, Sevgi Ozkan
All Faculty and Staff Scholarship
Today, many organizations quote intent for ISO/IEC 27001:2005 certification. Also, some organizations are en route to certification or already certified. Certification process requires performing a risk analysis in the specified scope. Risk analysis is a challenging process especially when the topic is information security. Today, a number of methods and tools are available for information security risk analysis. The hard task is to use the best fit for the certification. In this work we have proposed a process based risk analysis method which is suitable for ISO/IEC 27001:2005 certifications. Our risk analysis method allows the participation of staff to the …
Collaborative Risk Method For Information Security Management Practices: A Case Context Within Turkey, Bilge Karabacak, Sevgi Ozkan
Collaborative Risk Method For Information Security Management Practices: A Case Context Within Turkey, Bilge Karabacak, Sevgi Ozkan
All Faculty and Staff Scholarship
In this case study, a collaborative risk method for information security management has been analyzed considering the common problems encountered during the implementation of ISO standards in eight Turkish public organizations. This proposed risk method has been applied within different public organizations and it has been demonstrated to be effective and problem-free. The fundamental issue is that there is no legislation that regulates the information security liabilities of the public organizations in Turkey. The findings and lessons learned presented in this case provide useful insights for practitioners when implementing information security management projects in other international public sector organizations.
A Quantitative Method For Iso 17799 Gap Analysis, Bilge Karabacak, Ibrahim Sogukpinar
A Quantitative Method For Iso 17799 Gap Analysis, Bilge Karabacak, Ibrahim Sogukpinar
All Faculty and Staff Scholarship
ISO/IEC 17799:2005 is one of the leading standards of information security. It is the code of practice including 133 controls in 11 different domains. There are a number of tools and software that are used by organizations to check whether they comply with this standard. The task of checking compliance helps organizations to determine their conformity to the controls listed in the standard and deliver useful outputs to the certification process. In this paper, a quantitative survey method is proposed for evaluating ISO 17799 compliance. Our case study has shown that the survey method gives accurate compliance results in a …
Isram: Information Security Risk Analysis Method, Bilge Karabacak, Ibrahim Sogukpinar
Isram: Information Security Risk Analysis Method, Bilge Karabacak, Ibrahim Sogukpinar
All Faculty and Staff Scholarship
Continuously changing nature of technological environment has been enforcing to revise the process of information security risk analysis accordingly. A number of quantitative and qualitative risk analysis methods have been proposed by researchers and vendors. The purpose of these methods is to analyze today's information security risks properly. Some of these methods are supported by a software package. In this study, a survey based quantitative approach is proposed to analyze security risks of information technologies by taking current necessities into consideration. The new method is named as Information Security Risk Analysis Method (ISRAM). Case study has shown that ISRAM yields …