A novel approach for information security risk assessment maturity framework based on ISO 27001

Abazi, Blerton

doi:10.14267/phd.2020016

Cited by 1 publication

(1 citation statement)

References 83 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The system prototype is based on the literary findings, comparison of maturity models, and analytical findings from the quantitative and qualitative data collected from participants from companies of IT, banking and insurance sector. Based on studies on risk assessment in information security, we have a wide range of models used in identification, assessment and risk analysis processes: FAIR, OCTAVE, CURF, CRAMM, CORAS, RISK IT, however they have several shortcomings [30].…”

Section: Risk Assessment Maturity Framework Prototypementioning

confidence: 99%

Semi-automated Information Security Risk Assessment Framework for Analyzing Enterprises Security Maturity Level

Abazi

Kő

2019

Lecture Notes in Business Information Processing

Self Cite

View full text Add to dashboard Cite

While organizations spend millions of dollars on developing security systems at the highest level, one of the most significant areas of weaknesses, and loss remain their employees. Lack of employee training and security expertise, therefore, can cause huge loss, despite other measure being put in place. Cyberattacks are often able to commit cybercrime due to a lack of qualified cyber-security staff and the limited number of IT staff employed to keep pace with continuing security development and advancement. Testing, training and employing staff therefore is a critical measure for all organizations to reduce the vulnerabilities yet seems to be an area still not fully addressed. Businesses and organizations need to provide training to promote understanding for staff at every level, so they are aware of their roles and responsibilities in protecting against security threats. However, this is a colossal undertaking, and until this learning gap is resolved, financial institutions must continue to fight and efficiently manage cybersecurity threats. The aim of the current research paper is to present and propose a semi-automated risk assessment framework and a security maturity model, which can be helpful for auditors, security officers and managers. It is based on the ISO 27001 and utilize the relevant standards as well. The related risk management solution is a web-based software application. The current study targeted information security in Kosovo, specifically in the banking sector, IT industry and insurance field.

show abstract

Section: Risk Assessment Maturity Framework Prototypementioning

confidence: 99%