Title: SUPPORT FRAMEWORK FOR INFORMATION SECURITY POLICY AND RISK ASSESSMENT DEVELOPMENT FOR A NEW TECHNOLOGICAL SCENARIO
Author(s): Leandro José Aguilar Andrijic Malandrin, Tereza Cristina Melo de Brito Carvalho
ISBN: 978-972-8939-77-9
Editors: Piet Kommers, Tomayess Issa and Pedro Isaías
Year: 2012
Edition: Single
Keywords: Information Security Management Systems, ISO/IEC 27001, IT infrastructure outsourcing, Cloud Computing, Mobility
Type: Full Paper
First Page: 142
Last Page: 150
Language: English
Paper Abstract:
The technological scenario has always played a critical role in Information Security. However, in recent years, this scenario has changed substantially, in ways not known so far. Represented mainly by heavy IT infrastructure outsourcing, cloud computing and mobility, these changes created several new security challenges. The usual approach in Information Security Management Systems (ISMS) for this situation is the risk assessment review and deployment of new security controls. However, because of the disruptive nature of this scenario, that is not enough: changes in the actual way of creating the ISMS are needed. Using ISO/IEC 27001 as a reference model, this paper focuses on the identification of these changes and how they can be considered. Based on risks mapped in the literature for new technologies, checkpoints are defined and inserted into the basic process of two activities: Information Security Policy and Risk Assessment development. The main contribution is a framework for the ISMS planning phase designed to help security practitioners better understand the implications of the new scenario described and create ISMS ready for it.