Information Security Management

Abstract: The authors present a Case Study conducted in a Portuguese military organization, to answer the following research questions: (1) what are the most relevant dimensions and categories of information security controls applied in military organizations? (2) What are the main scenarios of information security incidents that are expected to occur? (3) What is the decision process used for planning and selection information security controls? This study reveals that: (1) information security within the military orga… Show more

“…ganizations to develop, improve, and document their own information security management systems, to be compliant with ISO/IEC 27001 or other standards. Martins et al (2013) conducted a case study of applying ISO/IEC 27001 in a military context. In the further research, Martins et al (2014) proposed a method for the identification of the best combination of security controls to be applied against a particular method of attack.…”

“…Martins et al (2013) conducted a case study of applying ISO/IEC 27001 in a military context. In the further research, Martins et al (2014) proposed a method for the identification of the best combination of security controls to be applied against a particular method of attack. The method takes into account, among other topics, existing security control frameworks, like ISO/IEC 27001, and lessons learned.…”

“…On the other hand, German national BSI IT-Grundschutz has been developed to provide ISO/IEC 27001 compliance. Martins et al (2014) used ISO/IEC 27001 in a military context, which was also the background of KATAKRI. Based on our analysis of the contents of these specifications, quantum of complements to ISO/IEC 27001 is not significant.…”

Aligning Two Specifications for Controlling Information Security

“…ganizations to develop, improve, and document their own information security management systems, to be compliant with ISO/IEC 27001 or other standards. Martins et al (2013) conducted a case study of applying ISO/IEC 27001 in a military context. In the further research, Martins et al (2014) proposed a method for the identification of the best combination of security controls to be applied against a particular method of attack.…”

“…Martins et al (2013) conducted a case study of applying ISO/IEC 27001 in a military context. In the further research, Martins et al (2014) proposed a method for the identification of the best combination of security controls to be applied against a particular method of attack. The method takes into account, among other topics, existing security control frameworks, like ISO/IEC 27001, and lessons learned.…”

“…On the other hand, German national BSI IT-Grundschutz has been developed to provide ISO/IEC 27001 compliance. Martins et al (2014) used ISO/IEC 27001 in a military context, which was also the background of KATAKRI. Based on our analysis of the contents of these specifications, quantum of complements to ISO/IEC 27001 is not significant.…”

Aligning Two Specifications for Controlling Information Security