Journal: International Journal of Innovative Research in Science, Engineering and Technology
Publisher: S&S Publications
Abstract: The security of information systems focuses on raising the level of business security while aligning with its strategy and objectives. The ISO 2700x family, whose theme is "Information technology - Security techniques", allows all of these security problems to be taken into account by offering a uniform set of standards that respect the PDCA continuous improvement cycle. Being closely linked to the security of information systems, risk management consists of assessing the uncertainty of the future in order to make the best possible decision today. Risk management and all decision processes fall within this problem area. Decision making in information security risk management requires taking into account an increasing amount of data of different types and qualities. As a result, risk managers increasingly use computers to provide powerful tools for decision support. The aim of this article is to give an overview of ISO 2700x, focusing more particularly on the content of the ISO 27005 standard, dedicated to information security risk management. In this context, a UML modeling of the processes of ISO 27005 is presented as an improvement of this modeling by criteria and indicators that support the quality of decision making at various decision points. The vision is to increase the efficiency and effectiveness of the decision-making process.
Keywords: Information Systems Security; risk management; decision making; ISO 2700x; ISO 27005