A New Model for Information Security Risk Management
Ali Shirazi (Tarbiyat Modares University) and Mozaffar Kazemi (Parsa-Sharif Research Center)
A chapter in ICT for an Inclusive World, 2020, pp 551-566 from Springer
Abstract: This article introduces a new method for information security risk management, proposed and applied for the first time in the IT department of a telecommunication company in Iran. In response to legal requirements and its security strategic plan, the company implemented an information security management system (ISMS), of which risk management is one of the main phases. The resulting risk management methodology covers risk identification, risk analysis, risk evaluation and risk treatment, and draws on the ISO 27005, ISO 27002, ISO 27011, OCTAVE, NIST 800-30 and OWASP frameworks. The new method is practical and accurate and is suited to large-scale organizations.
Keywords: Information security; Risk assessment model; Security risk management; Risk management in ISMS
Date: 2020
Persistent link: https://EconPapers.repec.org/RePEc:spr:lnichp:978-3-030-34269-2_38
Ordering information: This item can be ordered from http://www.springer.com/9783030342692
DOI: 10.1007/978-3-030-34269-2_38