Implementation of the Risk-based Approach Methodology in Information Security Management Systems

Title: Implementation of the Risk-based Approach Methodology in Information Security Management Systems
Publication Type: Conference Paper
Year of Publication: 2021
Authors: Aleksandrov, Mark N., Vasiliev, Victor A., Aleksandrova, Svetlana V.
Conference Name: 2021 International Conference on Quality Management, Transport and Information Security, Information Technologies (IT&QM&IS)
Keywords: Companies, Human Behavior, human factors, Information security, ISO 27001, ISO 31000, ISO standards, Management system, Metrics, Production, pubcrawl, quality management, resilience, Resiliency, risk, risk management, Scalability, security risk management, Standards organizations, Systematics
Abstract: Currently, most companies systematically face challenges related to the loss of significant confidential information, including legally significant information such as customers' personal data. To address the problem of maintaining the confidentiality, integrity and availability of information, companies are increasingly adopting the methodology underlying the international standard ISO/IEC 27001. Information security risk management is a process of continuous monitoring and systematic analysis of the internal and external environment of the organization's IT landscape, followed by the adoption and implementation of management decisions aimed at reducing the likelihood of an unfavorable outcome and minimizing the threats to the business caused by loss of control over information that is important to the organization. The article considers the problems of, and approaches to, the development, practical implementation and methodology of risk management based on the international standard ISO 31000 within a modern information security management system.
DOI: 10.1109/ITQMIS53292.2021.9642767
Citation Key: aleksandrov_implementation_2021