№2, 2013
SECURITY REQUIREMENTS CLASSIFICATION MODEL FOR INFORMATION SECURITY MANAGEMENT IN CORPORATE INFORMATION SYSTEMS
The paper develops a classification model for systematically determining the information security requirements for information security management in corporate information systems. Processes and subjects (the "human factor") belonging to the information system are accepted as the model's system elements, the targets of security requirements, and classification models are proposed for them. The paper defines a common platform for coordinating the classifications of security requirements, the potential risks associated with these requirements, and adequate countermeasures for these risks, as well as for creating a unified registry. (pp. 67-76)
Keywords: information security management, security requirements, security requirements classification, security requirement target, adequate protection, coordination of classifications, unified registry