BazEkon - Main Library of the Cracow University of Economics


Authors
Chmielecki Tomasz (AGH University of Science and Technology Kraków, Poland), Chołda Piotr (AGH University of Science and Technology Kraków, Poland), Pacyna Piotr (AGH University of Science and Technology Kraków, Poland), Potrawka Paweł (AGH University of Science and Technology Kraków, Poland), Rapacz Norbert (AGH University of Science and Technology Kraków, Poland), Stankiewicz Rafał (AGH University of Science and Technology Kraków, Poland), Wydrych Piotr (AGH University of Science and Technology Kraków, Poland)
Title
Enterprise-oriented Cybersecurity Management
Source
Annals of Computer Science and Information Systems, 2014, vol. 2, pp. 863-870, figures, tables, bibliography of 22 items.
Keywords
Information Technology (IT), Safety management, Enterprises, Risk assessment, Cybersecurity
Abstract
Information technology is widely used in processes vital to enterprises. Therefore, IT systems must meet at least the same level of security as required from the business processes supported by these systems. In this paper, we present a view on cybersecurity management as an enterprise-centered process, and we advocate the use of enterprise architecture in security management. Activities such as risk assessment, selection of security controls, as well as their deployment and monitoring should be carried out as a part of enterprise architecture activity. A set of useful frameworks and tools is presented and discussed.(original abstract)
Bibliography
  1. "Information Technology-Security Techniques-Code of Practice for Information Security Management," ISO/IEC 27002, Oct. 2005.
  2. "Managing Information Security Risk. Organization, Mission, and Information System View," NIST SP 800-39, Mar. 2011.
  3. "Security and Privacy Controls for Federal Information Systems and Organizations," NIST SP 800-53, Feb. 2012.
  4. Ackermann T., IT Security Risk Management. Perceived IT Security Risks in the Context of Cloud Computing. Wiesbaden, Germany: Springer Fachmedien, 2013.
  5. Anderson E. E., "Firm Objectives, IT Alignment, and Information Security," IBM Journal of Research and Development, vol. 54, no. 3, May/Jun. 2010, paper 5. [Online]. Available: http://dx.doi.org/10.1147/JRD.2010.2044256
  6. Araujo Wickboldt J. et al., "A Framework for Risk Assessment based on Analysis of Historical Information of Workflow Execution in IT Systems," Computer Networks, vol. 55, no. 13, pp. 2954-2975, Sep. 15, 2011. [Online]. Available: http://dx.doi.org/10.1016/j.comnet.2011.05.025
  7. Barateiro J. et al., "Manage Risks through the Enterprise Architecture," in Proc. 45th Hawaii International Conference on System Sciences HICSS-45, Grand Wailea, Maui, HI, Jan. 4-7, 2012. [Online]. Available: http://dx.doi.org/10.1109/HICSS.2012.419
  8. Chołda P. and Helvik B. E., "Reliable Network-based Services," Computer Communications, vol. 36, no. 6, pp. 607-610, Mar. 15, 2013. [Online]. Available: http://dx.doi.org/10.1016/j.comcom.2013.01.003
  9. Chołda P. et al., "Towards Risk-aware Communications Networking," Reliability Engineering & System Safety, vol. 109, pp. 160-174, Jan. 2013. [Online]. Available: http://dx.doi.org/10.1016/j.ress.2012.08.009
  10. Chołda P., "Risk-Aware Design and Management of Resilient Networks," in Proc. 4th International Workshop on Resilience and IT-Risk in Social Infrastructures RISI 2014, Fribourg, Switzerland, Sep. 8, 2014.
  11. Cleeff A. van, "A Risk Management Process for Consumers: The Next Step in Information Security," in Proc. New Security Paradigms Workshop NSPW'10, Concord, MA, Sep. 21-23, 2010. [Online]. Available: http://dx.doi.org/10.1145/1900546.1900561
  12. Costello T., "Business Continuity: Beyond Disaster Recovery," IT Professional, vol. 14, no. 5, pp. 62-64, Sep./Oct. 2012. [Online]. Available: http://dx.doi.org/10.1109/MITP.2012.92
  13. Fenz S. et al., "Information Security Risk Management: In Which Security Solutions Is It Worth Investing?" Communications of the Association for Information Systems, vol. 28, no. 22, pp. 329-356, May 2011.
  14. Gonzalez A. J. and Helvik B. E., "SLA Success Probability Assessment in Networks with Correlated Failures," Computer Communications, vol. 36, no. 6, pp. 708-717, Mar. 2013. [Online]. Available: http://dx.doi.org/10.1016/j.comcom.2012.08.007
  15. Haimes Y. Y., "Models for Risk Management of Systems of Systems," International Journal of System of Systems Engineering, vol. 1, no. 1/2, pp. 222-236, 2008. [Online]. Available: http://dx.doi.org/10.1504/IJSSE.2008.018138
  16. Johnson M. E. et al., "Security through Information Risk Management," IEEE Security & Privacy, vol. 7, no. 3, pp. 45-52, May/Jun. 2009. [Online]. Available: http://dx.doi.org/10.1109/MSP.2009.77
  17. Mastroeni L. and Naldi M., "Violation of Service Availability Targets in Service Level Agreements," in Proc. Federated Conference on Computer Science and Information Systems FedCSIS 2011, Szczecin, Poland, Sep. 18-21, 2011.
  18. Pacyna P. et al., "Założenia i cele metodyki OKIT do wdrażania systemu bezpieczeństwa teleinformacyjnego w infrastrukturach krytycznych," in Nowoczesne systemy łączności i transmisji danych na rzecz bezpieczeństwa. Szanse i zagrożenia, A. R. Pach et al., Eds. Warszawa, Poland: Wolters Kluwer Polska SA, 2013, pp. 442-457, (in Polish).
  19. Pacyna P. et al., OKIT. Metodyka ochrony teleinformacyjnych infrastruktur krytycznych. Warszawa, Poland: Wydawnictwo Naukowe PWN, 2013, (in Polish).
  20. Rapacz N. et al., "Elementy skutecznego zarządzania bezpieczeństwem w przedsiębiorstwach obsługujących infrastruktury krytyczne," in Nowoczesne systemy łączności i transmisji danych na rzecz bezpieczeństwa. Szanse i zagrożenia, A. R. Pach et al., Eds. Warszawa, Poland: Wolters Kluwer Polska SA, 2013, pp. 458-475, (in Polish).
  21. Rinaldi S. M. et al., "Identifying, Understanding, and Analyzing Critical Infrastructure Interdependencies," IEEE Control Systems Magazine, vol. 21, no. 6, pp. 11-25, Dec. 2001. [Online]. Available: http://dx.doi.org/10.1109/37.969131
  22. Todinov M., Risk-Based Reliability Analysis and Generic Principles for Risk Reduction. Amsterdam, The Netherlands: Elsevier Science & Technology Books, 2006.
ISSN
2300-5963
Language
eng