Aligning Two Specifications for Controlling Information Security
Riku Nykänen and Tommi Kärkkäinen
Additional contact information
Riku Nykänen: University of Jyväskylä, Jyväskylä, Finland
Tommi Kärkkäinen: University of Jyväskylä, Jyväskylä, Finland
International Journal of Cyber Warfare and Terrorism (IJCWT), 2014, vol. 4, issue 2, 46-62
Assuring information security is a necessity in modern organizations. Many recommendations for information security management exist, which can be used to define a baseline of information security requirements. ISO/IEC 27001 prescribes a process for an information security management system, and guidance to implement security controls is provided in ISO/IEC 27002. The Finnish National Security Auditing Criteria (KATAKRI) has been developed by the national authorities in Finland as a tool to verify the maturity of information security practices. KATAKRI defines both security control objectives and security controls to meet an objective. Here the authors compare and align these two specifications at the process, structural, and operational levels, focusing on the security control objectives and the actual controls. Even though both specifications share the same topics at a high level, the results reveal differences in the scope and in the included security controls.
Downloads: (external link)
http://services.igi-global.com/resolvedoi/resolve. ... 018/ijcwt.2014040104 (application/pdf)
Persistent link: https://EconPapers.repec.org/RePEc:igg:jcwt00:v:4:y:2014:i:2:p:46-62
More articles in International Journal of Cyber Warfare and Terrorism (IJCWT) from IGI Global