Using the evidential reasoning approach in auditing of an information security management system
POUŽITÍ DOMNĚNKOVÝCH FUNKCÍ PŘI AUDITU SYSTÉMU ŘÍZENÍ BEZPEČNOSTI INFORMACÍ
Ladislav Beránek
Ladislav Beránek: University of South Bohemia in České Budějovice
Acta Universitatis Bohemiae Meridionalis, 2010, vol. 13, issue 3, 89-95
Abstract:
Auditing an information security management system (ISMS) is an important element of a well-functioning ISM. As part of an ISMS audit, it is also necessary to determine the audit risk. Various methods for risk assessment exist and are being developed, at both the practical and the theoretical level. These methods can be quantitative or may be based on a qualitative assessment of risks. Current standards (e.g. ISO 27001) for the construction and operation of an ISMS leave it to operators how to carry out risk identification and the relevant analyses and evaluations. Various probabilistic methods or methods based on Bayesian statistics are widely used theoretical methods. However, there are currently no generally accepted methods for calculating risk. This is due to the difficulty of quantifying some events and the often subjective nature of the analysis. In this paper, we introduce an evidential reasoning model (the evidential reasoning approach under the Dempster-Shafer theory) for information systems audit risk assessment. The advantage of this approach is its ability to work with indeterminacy and subjective evaluations. The proposed model is applied to the assessment of audit risk in a chosen area of the ISO 27001 standard.
Keywords: Information security management system; Information systems audit; Belief functions; Audit risk; ISO 27001
Date: 2010
Downloads:
http://acta.ef.jcu.cz/doi/10.32725/acta.2010.035.html (text/html)
http://acta.ef.jcu.cz/doi/10.32725/acta.2010.035.pdf (application/pdf)
free of charge
Persistent link: https://EconPapers.repec.org/RePEc:boh:actaub:v:13:y:2010:i:3:p:89-95
DOI: 10.32725/acta.2010.035
Acta Universitatis Bohemiae Meridionalis is currently edited by Tereza Šťástková
More articles in Acta Universitatis Bohemiae Meridionalis from University of South Bohemia in Ceske Budejovice, Faculty of Economics.
Bibliographic data for series maintained by Ivo Andrle.