№2, 2013

SECURITY REQUIREMENTS CLASSIFICATION MODEL FOR INFORMATION SECURITY MANAGEMENT IN CORPORATE INFORMATION SYSTEMS
Elchin A. Aliyev

The paper develops a classification model for systematically determining the information security requirements for information security management in corporate information systems. Processes and subjects (the "human factor") belonging to the information system are accepted as the model's system elements, the targets of security requirements objects, and classification models are proposed for them. The paper defines a common platform for coordinating the classifications of security requirements, the potential risks associated with these requirements, and adequate countermeasures for these risks, as well as for creating a unified registry. (pp. 67-76)

Keywords: information security management, security requirements, security requirements classification, security requirement target, adequate protection, coordination of classifications, unified registry