2014 | 2 | 863--870
Article title

Enterprise-oriented Cybersecurity Management

Title variants
Publication languages
EN
Abstracts
EN
Information technology is widely used in processes vital to enterprises. Therefore, IT systems must meet at least the same level of security as required from the business processes supported by these systems. In this paper, we present a view on cybersecurity management as an enterprise-centered process, and we advocate the use of enterprise architecture in security management. Activities such as risk assessment, selection of security controls, as well as their deployment and monitoring should be carried out as a part of enterprise architecture activity. A set of useful frameworks and tools is presented and discussed. (original abstract)
Year
Volume
2
Pages
863--870
Physical description
Authors
  • AGH University of Science and Technology Kraków, Poland
  • AGH University of Science and Technology Kraków, Poland
author
  • AGH University of Science and Technology Kraków, Poland
  • AGH University of Science and Technology Kraków, Poland
  • AGH University of Science and Technology Kraków, Poland
  • AGH University of Science and Technology Kraków, Poland
  • AGH University of Science and Technology Kraków, Poland
Bibliography
  • "Information Technology-Security Techniques-Code of Practice for Information Security Management," ISO/IEC 27002, Oct. 2005.
  • "Managing Information Security Risk. Organization, Mission, and Information System View," NIST SP 800-39, Mar. 2011.
  • "Security and Privacy Controls for Federal Information Systems and Organizations," NIST SP 800-53, Feb. 2012.
  • Ackermann T., IT Security Risk Management. Perceived IT Security Risks in the Context of Cloud Computing. Wiesbaden, Germany: Springer Fachmedien, 2013.
  • Anderson E. E., "Firm Objectives, IT Alignment, and Information Security," IBM Journal of Research and Development, vol. 54, no. 3, May/Jun. 2010, paper 5. [Online]. Available: http://dx.doi.org/10.1147/JRD.2010.2044256
  • Araujo Wickboldt J. et al., "A Framework for Risk Assessment based on Analysis of Historical Information of Workflow Execution in IT Systems," Computer Networks, vol. 55, no. 13, pp. 2954-2975, Sep. 15, 2011. [Online]. Available: http://dx.doi.org/10.1016/j.comnet.2011.05.025
  • Barateiro J. et al., "Manage Risks through the Enterprise Architecture," in Proc. 45th Hawaii International Conference on System Sciences HICSS-45, Grand Wailea, Maui, HI, Jan. 4-7, 2012. [Online]. Available: http://dx.doi.org/10.1109/HICSS.2012.419
  • Chołda P. and Helvik B. E., "Reliable Network-based Services," Computer Communications, vol. 36, no. 6, pp. 607-610, Mar. 15, 2013. [Online]. Available: http://dx.doi.org/10.1016/j.comcom.2013.01.003
  • Chołda P. et al., "Towards Risk-aware Communications Networking," Reliability Engineering & System Safety, vol. 109, pp. 160-174, Jan. 2013. [Online]. Available: http://dx.doi.org/10.1016/j.ress.2012.08.009
  • Chołda P., "Risk-Aware Design and Management of Resilient Networks," in Proc. 4th International Workshop on Resilience and IT-Risk in Social Infrastructures RISI 2014, Fribourg, Switzerland, Sep. 8, 2014.
  • Cleeff A. van, "A Risk Management Process for Consumers: The Next Step in Information Security," in Proc. New Security Paradigms Workshop NSPW'10, Concord, MA, Sep. 21-23, 2010. [Online]. Available: http://dx.doi.org/10.1145/1900546.1900561
  • Costello T., "Business Continuity: Beyond Disaster Recovery," IT Professional, vol. 14, no. 5, pp. 62-64, Sep./Oct. 2012. [Online]. Available: http://dx.doi.org/10.1109/MITP.2012.92
  • Fenz S. et al., "Information Security Risk Management: In Which Security Solutions Is It Worth Investing?" Communications of the Association for Information Systems, vol. 28, no. 22, pp. 329-356, May 2011.
  • Gonzalez A. J. and Helvik B. E., "SLA Success Probability Assessment in Networks with Correlated Failures," Computer Communications, vol. 36, no. 6, pp. 708-717, Mar. 2013. [Online]. Available: http://dx.doi.org/10.1016/j.comcom.2012.08.007
  • Haimes Y. Y., "Models for Risk Management of Systems of Systems," International Journal of System of Systems Engineering, vol. 1, no. 1/2, pp. 222-236, 2008. [Online]. Available: http://dx.doi.org/10.1504/IJSSE.2008.018138
  • Johnson M. E. et al., "Security through Information Risk Management," IEEE Security & Privacy, vol. 7, no. 3, pp. 45-52, May/Jun. 2009. [Online]. Available: http://dx.doi.org/10.1109/MSP.2009.77
  • Mastroeni L. and Naldi M., "Violation of Service Availability Targets in Service Level Agreements," in Proc. Federated Conference on Computer Science and Information Systems FedCSIS 2011, Szczecin, Poland, Sep. 18-21, 2011.
  • Pacyna P. et al., "Założenia i cele metodyki OKIT do wdrażania systemu bezpieczeństwa teleinformacyjnego w infrastrukturach krytycznych," in Nowoczesne systemy łączności i transmisji danych na rzecz bezpieczeństwa. Szanse i zagrożenia, A. R. Pach et al., Eds. Warszawa, Poland: Wolters Kluwer Polska SA, 2013, pp. 442-457, (in Polish).
  • Pacyna P. et al., OKIT. Metodyka ochrony teleinformacyjnych infrastruktur krytycznych. Warszawa, Poland: Wydawnictwo Naukowe PWN, 2013, (in Polish).
  • Rapacz N. et al., "Elementy skutecznego zarządzania bezpieczeństwem w przedsiębiorstwach obsługujących infrastruktury krytyczne," in Nowoczesne systemy łączności i transmisji danych na rzecz bezpieczeństwa. Szanse i zagrożenia, A. R. Pach et al., Eds. Warszawa, Poland: Wolters Kluwer Polska SA, 2013, pp. 458-475, (in Polish).
  • Rinaldi S. M. et al., "Identifying, Understanding, and Analyzing Critical Infrastructure Interdependencies," IEEE Control Systems Magazine, vol. 21, no. 6, pp. 11-25, Dec. 2001. [Online]. Available: http://dx.doi.org/10.1109/37.969131
  • Todinov M., Risk-Based Reliability Analysis and Generic Principles for Risk Reduction. Amsterdam, The Netherlands: Elsevier Science & Technology Books, 2006.
Document type
Bibliography
Identifiers
YADDA identifier
bwmeta1.element.ekon-element-000171335477
