2017 International Conference on Information Technology Systems and Innovation (ICITSI) 2017
DOI: 10.1109/icitsi.2017.8267952
Design of information security risk management using ISO/IEC 27005 and NIST SP 800-30 revision 1: A case study at communication data applications of XYZ institute

Cited by 11 publications
(6 citation statements)
References 2 publications
“…The term "segregation of duties" encompasses a wide range of guidelines that outline how the duties of different employees should be differentiated in order to achieve higher levels of responsibility. ISO 27002 provides the tools for enterprises to embrace ISO 27001 more efficiently and with a world-wide recognized method [6][7][8][15][16][17]. It explains the constraints that need to be utilized throughout the corporation (such as clear determining factors of commitments via explicitly delineated job assertions of employees).…”
Section: ISO 27000: 27001 27002 (mentioning; confidence: 99%)
“…The following procedures may be performed as part of the risk assessment: identification of potential dangers, categorization of how likely it is that a threat will materialize with respect to a given entity, confirmation of the impact, which usually includes upcoming expenditures, structural failure, and recovery expenses, and reduction in losses by combining risk management into preexisting business processes [8].…”
Section: ISO 27001: Risk Assessment (mentioning; confidence: 99%)
“…Lim and Suparman [21] used NIST SP 800-30 along with a subjective approach called Review Document, Interview Key Personnel, Inspect Security Control, Observes Personnel Behaviour and Test Security Control (RIIOT) to collect the required information for the risk assessment within the Indonesian cloud providers environment. Setiawan et al. [34] used a similar approach by integrating the techniques from NIST SP 800-30, ISO 27000 series with interviews, questionnaires and observations for information security risk management and risk treatment. On the other hand, Supriyadi and Hardani [37] used COBIT 5 with NIST SP 800-30 to assess risk on critical application systems.…”
Section: Related Work (mentioning; confidence: 99%)