3rd International Conference on Information Technologies in Management

Warsaw, Poland, 26 January 2018

Conference archive: ICoITiM 2015

Selection of information security monitoring metrics in virtual organizations. Method proposal

Tomasz Klasa

Abstract:

Virtual organizations (VOs), with their flexibility and unclear borders, differ from typical, ordinary organizations. While it is usually already difficult to manage information security in the environment of a traditional company, the structure of a VO and its way of operating make this goal far harder to achieve. The most significant problem is that the dynamic nature of VOs runs contrary to the typical approach to security management, which is based on periodic audits. Such audits last too long and are too troublesome to be repeated ad hoc in a VO. At the same time, security metrics, once chosen and applied to assets, may become inappropriate very quickly because of changes within the organization. As a solution, a method for selecting security monitoring metrics in virtual organizations is proposed. It adapts the approach known from the FoMRA method to combine the organizational structure with security requirements and metrics gathered from various sources, such as international standards or local policies.
