Evaluation of information safety as an element of improving the organization’s safety management

Hoffmann, Romuald; Kiedrowicz, Maciej; Stanik, Jerzy

doi:10.1051/matecconf/20167604011

Cited by 11 publications

(9 citation statements)

References 4 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The desired property of the security system shall be deemed to mean a possibility of ensuring the acceptable security system for the security attributes assigned to the information resources of the security system [5][6]. It is assumed that the set of such resources ∈ shall change discreetly over time.…”

Section: Desired Property Of the Security Systemmentioning

confidence: 99%

The security system for maintenance of the required information security level

Kiedrowicz

Stanik

2018

MATEC Web Conf.

Self Cite

View full text Add to dashboard Cite

The security system for maintenance of the required information security level M aci ej Ki ed r ow i cz 1 ,* , an d Jer zy St an i k 1 1 M i l it ar y Un i ver si t y of Tech n ol ogy , Facu l t y of Cy ber n et i cs, Ur b an ow i cza St r . 2 , War saw , Pol an dAbstract. The article outlines the concept of maintaining the required security level of the information system in the organization (SIO) through appropriate control of the security configurations of the security system. The security system (SS) model was proposed and its basic elements characterized to maintain the current security level of the information resources. The desired current security feature of the SIO shall be obtained by generating appropriate security technical and organizational configurations from the set of permissible solutions. The proposed concept, which takes into account the impact of not only basic security elements of the information resources (e.g. types of resources, security attributes, risks, vulnerability), but also changes in the working conditions of the information system and security system as well as the entire security and quality management environment of the organization, constitutes own proposal of the authors.

show abstract

Section: Desired Property Of the Security Systemmentioning

confidence: 99%

The security system for maintenance of the required information security level

Kiedrowicz

Stanik

2018

MATEC Web Conf.

Self Cite

View full text Add to dashboard Cite

show abstract

“…1) the following attributes in the field of information security: access to sensitive documents, confidentiality of the processed data, integrity of documents, fulfillment of security requirements included in the security policy, losses understood as a costs incurred due to the loss of security attributes [7,8,[35][36][37]; 2) the following elements in the field as resulting from the legal norms regulating such security issues: appointment of a representative to protect classified information, creation of a security division in the organization to perform tasks related to the processing of sensitive documents in the organization, adaptation of the office facilities to the requirements on creation, processing, acceptance, assignment, delivery and protection of sensitive documents according to the provisions of law; organization of a secret office, organization of a special location (place, facility) for the processing of sensitive data, including ICT systems for executing and processing sensitive documents; 3) the following documents in the field of basic quality and security documents: risk analysis reports, security policy, ICT security plan, special security requirements for the ICT system, safe use procedures and business continuity plan; 4) the following attributes/measures in the field of the sensitive information security processing process: importance of the Office and its Clients, fulfillment of the requirements included in the quality policy; 5) the following attributes in the field of security of business continuity: fulfillment of the requirements included in the business continuity management policy, financial effects of suspension/interruption of the process, nonfinancial effects of suspension/interruption of the process, costs and time of the process unavailability; 6) In other fields: flexibility of the process of sensitive data processing, costs and time of the process of sensitive data processing, efficiency of the change management process, efficiency of the management process architecture related to the processing of sensitive data, reliability. Last but not least, it should be stressed that the risk of sensitive documents may result from such an allegedly prosaic reason as wrongly designed user interface in the ICT system.…”

Section: Risk Related To Sensitive Documentsmentioning

confidence: 99%

Multi-faceted methodology of the risk analysis and management referring to the IT system supporting the processing of documents at different levels of sensitivity

Kiedrowicz

2017

MATEC Web Conf.

Self Cite

View full text Add to dashboard Cite

Abstract. This article outlines the methodology of the IT system risk analysis and management, including various categories of risk factors significant from the point of view of the sensitive data processing and completeness of the procedure for determining the IT system risk level. The presented methodology is divided into the IT system risk analysis and the risk management method. The IT system risk level assessed by the risk analysis method described in this article constitutes an input value for the risk management method outlined in the further part hereof, referring to the IT systems used for the processing of documents at different levels of sensitivity.

show abstract

“…A universal measure can usually be financial for an organization that is the owner of a system under test. At that point, however, we need to set the risk for all the resources and collect the total financial impact because, as shown above, even a single threat can affect many collections of resources [13,14].…”

Section: Risk Of Exposure Assets To the Threatmentioning

confidence: 99%

Network model of risk analysis in the technical structures

et al. 2017

View full text Add to dashboard Cite

Abstract. The aim of the article is to present the possibilities offered by network models. This article discusses the network model of risk analysis in technical structures. We are discussed some network centrality measures and their use in risk analysis. We have proposed a mixed, expert-formal model for analyzing the risk of asset risk in technical structures based on own methodology of network building. We shown that mathematically model of structure of the network and its corresponding physical are linked by bijection. This creates a unequivocal model for quantitative risk analysis.

show abstract

Evaluation of information safety as an element of improving the organization’s safety management

Cited by 11 publications

References 4 publications

The security system for maintenance of the required information security level

The security system for maintenance of the required information security level

Multi-faceted methodology of the risk analysis and management referring to the IT system supporting the processing of documents at different levels of sensitivity

Network model of risk analysis in the technical structures

Contact Info

Product

Resources

About