2024 | no. 2 | 148--165
Article title

Process Security Methods and Measurement in the Context of Standard Management Systems

Publication languages
EN
Abstracts
EN
The main purpose of the paper is to identify ways to establish process security in the constantly changing risk and control environment and to introduce a new model. The research is based on a literature review of process security components. Qualitative content analysis was used to establish a linkage between the certified management systems and the level of process security. Elaborations have been conducted based on the survey data of the International Standards Organisation (ISO) and served as a basis for analysis of certification types and their sectoral division in the European Union (EU) member states. A new Balanced Scorecard has been developed to cover the security pillars in the context of standard management systems and serve as a framework for process security measurement. The research paper processes the state-of-the-art issue of process security, introduces components that help to establish process security, and establishes a linkage between the level of process security and certified management systems. An analysis was based on the ISO certification information related to different management system standards. Management systems were analysed in the context of process security and corresponding process performance measures. A brief walkthrough has been prepared to demonstrate the processes behind the underlying performance measures. A new Balanced Scorecard approach has been developed that maps and covers different security aspects retrieved from and linked to different management system standards. The new Balanced Scorecard based on different security aspects of entities can be leveraged by any organisation, regardless of its size or business profile. (original abstract)
Pages
148--165
Authors
  • Óbuda University, Hungary
  • Óbuda University, Hungary
Document type
Bibliography
YADDA identifier
bwmeta1.element.ekon-element-000171693823
