Journal articles on the topic 'Information security standards'

Consult the top 50 journal articles for your research on the topic 'Information security standards.'

1

Pepper, Bill. "Information security standards for outsourcing." Information Security Technical Report 1, no. 3 (January 1996): 59–61. http://dx.doi.org/10.1016/s1363-4127(97)83021-x.

2

Humphreys, Edward. "Information security management system standards." Datenschutz und Datensicherheit - DuD 35, no. 1 (January 2011): 7–11. http://dx.doi.org/10.1007/s11623-011-0004-3.

3

Höne, Karin, and J. H. P. Eloff. "Information security policy — what do international information security standards say?" Computers & Security 21, no. 5 (October 2002): 402–9. http://dx.doi.org/10.1016/s0167-4048(02)00504-7.

4

Gaivéo, José. "Information Security Standards in Healthcare Activities." International Journal of Reliable and Quality E-Healthcare 5, no. 4 (October 2016): 15–33. http://dx.doi.org/10.4018/ijrqeh.2016100102.

Abstract:
Information is mandatory in healthcare activities and in all that are related to it. In this same sense, people that deal with that information require attention because patient's information could be exposed. The use of directions stated by information security standards might allow a proactive attitude in the face of the diversity of threats that has the potential to explore the vulnerabilities of organizational assets. This article intends to recognize information threats and vulnerabilities that could be explored, using information security international standards to support the activities needed to assume information safeguard. Another intention is the establishment of a basis of references in information security to define a level of risk classification to build a referential to the potential that a given threat has to exploit the vulnerabilities of informational assets, preventing damages to personal and organizational property, and also activity continuity, assuming information as the main resource.
5

Dykyi, O., and M. Fliunt. "Information security standards: a comparative research." Law and public administration 2, no. 1 (2019): 88–95. http://dx.doi.org/10.32840/pdu.2-1.14.

6

Lee, Chul Ho, Xianjun Geng, and Srinivasan Raghunathan. "Mandatory Standards and Organizational Information Security." Information Systems Research 27, no. 1 (March 2016): 70–86. http://dx.doi.org/10.1287/isre.2015.0607.

7

Poore, Ralph Spencer. "Information Security Standards: Deluge and Dearth." Information Systems Security 10, no. 1 (March 2001): 1–6. http://dx.doi.org/10.1201/1086/43313.10.1.20010304/31392.4.

8

Gentile, Francesco, Luigi Giuri, Franco Guida, Emilio Montolivo, and Michele Volpe. "Security evaluation in information technology standards." Computers & Security 13, no. 8 (January 1994): 647–50. http://dx.doi.org/10.1016/0167-4048(94)90044-2.

9

Chenoweth, John D. "Information Security Policies, Procedures, and Standards: Guidelines for Effective Information Security Management." Journal of Information Privacy and Security 1, no. 1 (January 2005): 43–44. http://dx.doi.org/10.1080/15536548.2005.10855762.

10

von Solms, Rossouw. "Information security management: why standards are important." Information Management & Computer Security 7, no. 1 (March 1999): 50–58. http://dx.doi.org/10.1108/09685229910255223.

11

Siponen, Mikko, and Robert Willison. "Information security management standards: Problems and solutions." Information & Management 46, no. 5 (June 2009): 267–70. http://dx.doi.org/10.1016/j.im.2008.12.007.

12

Alghananeem, Kulthoom Mansour, Mohammed Abed Altaee, and Bassem Khoder Jida. "The Impact of the Goals of Information Security Standards to Ensure Information Security." Journal of Management Research 6, no. 2 (March 19, 2014): 74. http://dx.doi.org/10.5296/jmr.v6i2.5024.

13

Gray, C. "Review: Information Security Policies, Procedures and Standards: Guidelines for Effective Information Security Management." Computer Bulletin 45, no. 2 (March 1, 2003): 30. http://dx.doi.org/10.1093/combul/45.2.30-b.

14

Söderström, Eva, Rose‐Mharie Åhlfeldt, and Nomie Eriksson. "Standards for information security and processes in healthcare." Journal of Systems and Information Technology 11, no. 3 (August 14, 2009): 295–308. http://dx.doi.org/10.1108/13287260910983650.

15

Wu, Yu ’Andy’, and Carol Stoak Saunders. "Governing Information Security." Information Resources Management Journal 24, no. 1 (January 2011): 28–45. http://dx.doi.org/10.4018/irmj.2011010103.

Abstract:
Governance of the information security function is critical to effective security. In this paper, the authors present a conceptual model for security governance from the perspective of decision rights allocation. Based on Da Veiga and Eloff’s (2007) framework for security governance and two high-level information security documents published by the National Institute of Standards and Technology (NIST), the authors present seven domains of information security governance. For each of the governance domains, they propose a main decision type, using the taxonomy of information technology decisions defined by Weill and Ross (2004). This framework recommends the selection of decision rights allocation patterns that are proper to those decision types to ensure good security decisions. As a result, a balance can be achieved between decisional authority and responsibility for information security.
16

Akowuah, Francis, Xiaohong Yuan, Jinsheng Xu, and Hong Wang. "A Survey of Security Standards Applicable to Health Information Systems." International Journal of Information Security and Privacy 7, no. 4 (October 2013): 22–36. http://dx.doi.org/10.4018/ijisp.2013100103.

Abstract:
The information maintained by Health Information Systems (HIS) is often faced with security threats from a wide range of sources. Some government regulations require healthcare organizations and custodians of personal health information to take practical steps to address the security and privacy needs of personal health information. Standards help to ensure an adequate level of security is attained, resources are used efficiently and the best security practices are adopted. In this paper, the authors survey security standards applicable to the healthcare industry including Control Objectives for Information and related Technology (COBIT), ISO/IEC 27002:2005, ISO/IEC 27001:2005, NIST Special Publication 800-53, ISO 27799:2008, HITRUST Common Security Framework (CSF), ISO 17090:2008, ISO/TS 25237:2008, etc. This survey informs the audience of currently available standards that can guide the implementation of information security programs in healthcare organizations, and provides a starting point for IT management in healthcare organizations to select a standard suitable for their organizations.
17

Kuczabski, Mateusz. "Asian Cyber Security Standards." Safety & Defense 6, no. 2 (August 7, 2020): 21–32. http://dx.doi.org/10.37105/sd.75.

Abstract:
The scientific considerations presented in this article concern the threat of the cyber security quality system resulting from the unclear security standards introduced by China. Over the past few years, the Chinese government has issued nearly 300 new national standards related to cyber security. These standards cover a range of Information and Communications Technology (ICT) services as well as products, including software, routers, switches and firewalls. These standards contribute to the threat to the cyber security quality system. The situation becomes more difficult the more the United States exerts pressure on the Western world towards Chinese companies investing outside of China and for Western companies investing in China. The purpose of the analysis is to identify those threats, which are also difficulties encountered by Western companies trying to develop business in China in order to minimize them. The study was designed as an analysis of Chinese standardization policy documents in the area of cybersecurity and their confrontation with the practice of applying to foreign enterprises, as well as analysis of international standardization and standardization reports and documents in the field of cybersecurity. The theoretical research methods used in this study are: synthesis, analysis, abstraction and generalization.
18

Meriah, Ines, and Latifa Ben Arfa Rabai. "Analysing Information Security Risk Ontologies." International Journal of Systems and Software Security and Protection 11, no. 1 (January 2020): 1–16. http://dx.doi.org/10.4018/ijsssp.2020010101.

Abstract:
This research work presents existing security ontologies and identifies relevant security ontology requirements in information systems. Moreover, it proposes a new classification of security ontologies in which, two main families, namely ontologies-based security standards and ontologies-based security risk assessment, are defined. For each family, a set of related research works is selected and a thorough description of their security ontologies is presented. The purpose of this analysis is to identify security ontology requirements as well as ontological characteristics for each study in order to help a security decision maker to select an ontology based off of their security risks and requirements as well as their needed security models and standards. By selecting the appropriate ontology, security stakeholders support security compliance and risk assessment in an enterprise.
19

Lim, Joo S., Sean B. Maynard, Atif Ahmad, and Shanton Chang. "Information Security Culture." International Journal of Cyber Warfare and Terrorism 5, no. 2 (April 2015): 31–52. http://dx.doi.org/10.4018/ijcwt.2015040103.

Abstract:
There is considerable literature in the area of information security management (ISM). However, from an organizational viewpoint, the collective body of literature does not present a coherent, unified view of recommended security management practices. In particular, despite the existence of 'best-practice' standards on information security management, organizations have no way of evaluating the reliability or objectivity of the recommended practices as they do not provide any underlying reasoning or justification. This paper is a first step towards the development of rigorous and formal instruments of measurement by which organizations can assess their security management practices. The paper identifies nine security practice constructs from the literature and develops measurement items for organizations to assess the adequacy of their security management practices. The study uses a multiple case study approach followed by interviews with a panel of four security experts to validate and refine these security practice constructs and their associated measures.
20

Anton, Nicolae, and Anișor Nedelcu. "Security Information and Risk Management Assessment." Applied Mechanics and Materials 809-810 (November 2015): 1522–27. http://dx.doi.org/10.4028/www.scientific.net/amm.809-810.1522.

Abstract:
This work approaches the assessment of the security and information risks in order to find the optimal values of the risks by applying and comparing different methods to measure and assess the security risks. By describing structural characteristics of standards and methods implemented in the information security management system (ISMS), this paper underlines the necessity, means and effectiveness of information security modeling. The conclusions of this paper highlight the importance of standards and methods of risk management assessment.
21

Shahmoradi, Leila, Maryam Ebrahimi, Somayeh Shahmoradi, Ahmadreza Farzanehnejad, Hajar Moammaie, and Mahdi Habibi Koolaee. "Usage of Standards to Integration of Hospital Information Systems." Frontiers in Health Informatics 9, no. 1 (March 8, 2020): 28. http://dx.doi.org/10.30699/fhi.v9i1.215.

Abstract:
Introduction: Data exchange across healthcare facilities is a major issue in healthcare information systems. Standards play an important role in the context of communication. In this paper, we surveyed the usage of standards in the hospital information systems (HISs) in the affiliated hospitals of Tehran University of Medical Sciences. Material and Methods: This survey was performed in 2014-2015. A total of 17 hospitals with HISs were surveyed. The data were collected using a structured questionnaire. The design of the questionnaire was based on a literature review and consisted of three parts. Descriptive statistics were used to analyze the data. Results: XML, HL7 and DICOM are commonly used international interchange standards. In the case of security standards, 76.5% of HISs do not support the HIPAA and CEN TC 251 security standards. ICD was the most commonly used terminology standard in the HISs. Several studies have indicated that HISs should cover data exchange, security and terminology standards to provide integration of heterogeneous systems. Conclusion: In the current study, the role of standards in the architecture of the HISs was inconspicuous. To make the HIS effective, it is necessary to consider the standards when developing the system. In this matter, legislation could help.
22

Arutyunov, V. V. "Clustering of information-security standards of the Russian Federation." Scientific and Technical Information Processing 44, no. 2 (April 2017): 125–33. http://dx.doi.org/10.3103/s0147688217020071.

23

Humphreys, Edward. "Information security management standards: Compliance, governance and risk management." Information Security Technical Report 13, no. 4 (November 2008): 247–55. http://dx.doi.org/10.1016/j.istr.2008.10.010.

24

Fernández-Medina, Eduardo, and Mariemma I. Yagüe. "State of standards in the information systems security area." Computer Standards & Interfaces 30, no. 6 (August 2008): 339–40. http://dx.doi.org/10.1016/j.csi.2008.03.001.

25

Nicho, Mathew, Hussein Fakhry, and Charles Haiber. "An Integrated Security Governance Framework for Effective PCI DSS Implementation." International Journal of Information Security and Privacy 5, no. 3 (July 2011): 50–67. http://dx.doi.org/10.4018/jisp.2011070104.

Abstract:
This paper analyses relevant IT governance and security frameworks/standards used in IT assurance and security to propose an integrated framework for ensuring effective PCI DSS implementation. Merchants dealing with credit cards have to comply with the Payment Card Industry Data Security Standards (PCI DSS) or face penalties for non-compliance. With more transactions based on credit cards, merchants are finding it costly and increasingly difficult to implement and interpret the PCI standard. One of the top reasons cited for merchants to fail PCI audit, and a leading factor in data theft, is the failure to adequately protect stored cardholder data. Although implementation of the PCI DSS is not a guarantee for perfect protection, effective implementation of the PCI standards can be ensured through the divergence of the PCI standard into wider information security governance to provide a comprehensive overview of information security based not only on security but also security audit and control. The contribution of this paper is the development of an integrated comprehensive security governance framework for ‘information security’ (rather than data protection) incorporating Control Objectives for Information and related Technology (COBIT), Information Technology Infrastructure Library (ITIL) and ISO 27002.
26

Ahler, Ekaterina. "The ISO/IEC 27001 standard provides a systematic approach to information security management." Upravlenie kachestvom (Quality management), no. 1 (January 1, 2021): 36–38. http://dx.doi.org/10.33920/pro-1-2101-07.

Abstract:
The company's information security is not only compliance with a set of IT security measures, but also the correct choice of the appropriate standard. Let's look at what standards are aimed at ensuring the information security of the company.
27

Topa, Ioanna, and Maria Karyda. "From theory to practice: guidelines for enhancing information security management." Information & Computer Security 27, no. 3 (July 8, 2019): 326–42. http://dx.doi.org/10.1108/ics-09-2018-0108.

Abstract:
Purpose: This study aims to identify the implications of security behaviour determinants for security management to propose respective guidelines which can be integrated with current security management practices, including those following the widely adopted information security standards ISO 27001, 27002, 27003 and 27005. Design/methodology/approach: Based on an exhaustive analysis of related literature, the authors identify critical factors influencing employee security behaviour and ISP compliance. The authors use these factors to perform a gap analysis of widely adopted information security standards ISO 27001, 27002, 27003 and 27005 and identify issues not covered or only partially addressed. Drawing on the implications of security behaviour determinants and the identified gaps, the authors provide guidelines which can enhance security management practices. Findings: The authors uncover the factors shaping security behaviour barely or partly considered in the ISO information security standards ISO 27001, 27002, 27003 and 27005, including top management participation, accommodating individual characteristics, embracing the cultural context, encouraging employees to comply out of habit and considering the cost of compliance. Furthermore, the authors provide guidelines to security managers on enhancing their security management practices when implementing the above ISO Standards. Practical implications: This study offers guidelines on how to create and design security management practices whilst implementing ISO standards (ISO 27001, ISO 27002, ISO 27003, ISO 27005) so as to enhance ISP compliance. Originality/value: This study analyses the role and implications of security behaviour determinants, discusses discrepancies and conflicting findings in related literature, provides a gap analysis of commonly used information security standards (ISO 27001, 27002, 27003 and 27005) and proposes guidelines on enhancing security management practices towards improving ISP compliance.
28

OLIFER, Dmitrij, Nikolaj GORANIN, Arnas KACENIAUSKAS, and Antanas CENYS. "CONTROLS-BASED APPROACH FOR EVALUATION OF INFORMATION SECURITY STANDARDS IMPLEMENTATION COSTS." Technological and Economic Development of Economy 23, no. 1 (January 22, 2017): 196–219. http://dx.doi.org/10.3846/20294913.2017.1280558.

Abstract:
According to the PricewaterhouseCoopers analysis, the average cost of a single information security and data protection breach has increased twice during 2015 (PricewaterhouseCoopers 2015). The number of organizations that reported a serious breach has also risen (from 9% in 2015 to 17% in 2016) (PricewaterhouseCoopers 2016). To achieve their goals, criminals are using different techniques, starting from social engineering (phishing, whaling) and finishing with malware execution (such as ransomware) on target machines. Recent attacks (attack on Central Bank of Bangladesh, fraud attack on Mattel CEO and attack on Thailand state-run Government bank ATM) show that criminals are very well organized, equipped and spend a lot of money and time to prepare their attacks. To protect themselves, organizations are required to ensure security in depth principles and implement complex security solutions, which are able to ensure the needed level of information security at appropriate costs. However, information security cost-benefit assessment is complicated because of the lack of structured cost-benefit methods and issues with comparing IT security solutions in light of prevailing uncertainties. Existing methods are oriented on processes, environment lifecycles or specific standard implementations. Because of that, existing methods do not cover all needed security areas and methods reusability is a complicated task. Trying to solve this issue, we have proposed a new method for information standards implementation costs evaluation, based on information security controls.
29

Otenko, Irina, and Olena Preobrazenska. "International Standards of Corporate Security." Advanced Engineering Forum 22 (May 2017): 53–61. http://dx.doi.org/10.4028/www.scientific.net/aef.22.53.

Abstract:
Under the influence of the processes of intensification of relations among internal and external environment of companies the necessity of compliance to international standards is rising significantly. There is a growing need for a deep understanding of corporate relations, use of control mechanisms over the company, demands for its transparency, balance of stakeholders' interests and rights. These processes determine the effectiveness of corporate security systems. Currently, the capacity to implement effective management of corporate security involves the development of a business approach that creates long-term shareholder value by combining use of opportunities and risk management that meet applying to international standards and practices. The concept of security is mainly designed for a long period of time. With the development of open market relations and strengthening of legal regulation of the market measures, the emphasis of security has been transferring to the sphere of economy. Security becomes an essential priority for any kind of business interaction. In order to find out where security problems currently stand in practice and within academic circles, the relevant sources of information were analyzed. The result of formalization, generalization of best international management practices and expertise are defined in international standards. In the article the content of the application and features of standards relating to key aspects of corporate security at the national and international markets are considered.
30

Fenz, Stefan, Stefanie Plieschnegger, and Heidi Hobel. "Mapping information security standard ISO 27002 to an ontological structure." Information & Computer Security 24, no. 5 (November 14, 2016): 452–73. http://dx.doi.org/10.1108/ics-07-2015-0030.

Abstract:
Purpose: The purpose of this paper is to increase the degree of automation within information security compliance projects by introducing a formal representation of the ISO 27002 standard. As information is becoming more valuable and the current businesses face frequent attacks on their infrastructure, enterprises need support at protecting their information-based assets. Design/methodology/approach: Information security standards and guidelines provide baseline knowledge for protecting corporate assets. However, the efforts to check whether the implemented measures of an organization adhere to the proposed standards and guidelines are still significantly high. Findings: This paper shows how the process of compliance checking can be supported by using machine-readable ISO 27002 control descriptions in combination with a formal representation of the organization’s assets. Originality/value: The authors created a formal representation of the ISO 27002 standard and showed how a security ontology can be used to increase the efficiency of the compliance checking process.
31

Bârsan, Mihai. "Aspects regarding the implementation of information security standards in organizations." Revista Română de Biblioteconomie și Știința Informării = Romanian Journal of Library and Information Science 13, no. 1 (2017): 21–26. http://dx.doi.org/10.26660/rrbsi.2017.13.1.21.

32

Miloslavskaya, Natalia G., and Alexander I. Tolstoy. "Competence Requirements of ISO/IEC Standards for Information Security Professionals." Bezopasnost informacionnyh tehnology, no. 4 (November 2017): 6–18. http://dx.doi.org/10.26583/bit.2017.4.01.

33

Amsenga, Johann. "ISO/IEC JTC1/SC27 - SE Standards for Information Technology Security." INSIGHT 17, no. 1 (April 2014): 20–22. http://dx.doi.org/10.1002/inst.201417120.

34

Thuraisingham, Bhavani, and Stefanos Gritzalis. "Information and communications security, privacy and trust: Standards and regulations." Computer Standards & Interfaces 32, no. 5-6 (October 2010): 229. http://dx.doi.org/10.1016/j.csi.2010.04.001.

35

Sulistyowati, Diah, Fitri Handayani, and Yohan Suryanto. "Comparative Analysis and Design of Cybersecurity Maturity Assessment Methodology Using NIST CSF, COBIT, ISO/IEC 27002 and PCI DSS." JOIV : International Journal on Informatics Visualization 4, no. 4 (December 18, 2020): 225. http://dx.doi.org/10.30630/joiv.4.4.482.

Abstract:
Data or information security in today's digital era is crucial in every organization that needs to pay attention. Management of organizational information is one of the components in realizing Good Corporate Governance. The measure of an adequate level of protection is an indicator of the cybersecurity awareness aspects of an organization's business processes in the short, medium, and long term, especially in the field that deals with information and communication technology (ICT). To make this happen, it requires a security standard that is appropriate and follows its needs to help organizations know the maturity level of cybersecurity in protecting its information security. The ABC organization is one of the Government agencies that manage the critical infrastructure and Indonesian digital economies. The organization has currently implemented several international security standards through its planning, implementation, evaluation document, and ICT activities. However, based on the national information security readiness assessment, information security management readiness results are still not optimal. In this study, an analysis of the NIST, ISO 27002, COBIT, and PCI DSS security standards has been carried out, which are ABC organizational security standards in managing ICT by assigned tasks and functions. Furthermore, the analysis result is used as materials for drafting a cybersecurity maturity framework through the four standard approaches that have become the basis for ICT management. The proposed concept of twenty-one integrated cybersecurity categories is expected to be a capital in measuring ICT management performance in ABC organizations.
36

ADEBOWALE, AJAYI, NICULAE GOGA, OTUSILE OLUWABUKOLA, and ABEL SAMUEL. "Formal Methods in Information Security." INTERNATIONAL JOURNAL OF COMPUTERS & TECHNOLOGY 14, no. 4 (February 9, 2015): 5621–31. http://dx.doi.org/10.24297/ijct.v14i4.1963.

Abstract:
Formal methods use mathematical models for analysis and verification at any part of the program life-cycle. The use of formal methods is admitted, recommended, and sometimes prescribed in safety- and security-related standards dealing, e.g., with avionics, railways, nuclear energy, and secure information systems. This paper describes the state of the art in the industrial use of formal methods in information security with a focus on verification of security protocols. Given the vast scope of available solutions, attention has been focused just on the most popular and most representative ones, without exhaustiveness claims. We describe some of the highlights of our survey by presenting a series of industrial projects, and we draw some observations from these surveys and records of experience. Based on this, we discuss issues surrounding the industrial adoption of formal methods in security protocol engineering.
37

Андрущак, І., В. Марценюк, I. Андрощук, В. Чудовець, and М. Потейчук. "CLOUD COMPUTING AND ANALYSIS FEATURES OF CLOUD INFORMATION SECURITY." КОМП’ЮТЕРНО-ІНТЕГРОВАНІ ТЕХНОЛОГІЇ: ОСВІТА, НАУКА, ВИРОБНИЦТВО, no. 37 (December 28, 2019): 5–9. http://dx.doi.org/10.36910/6775-2524-0560-2019-37-1.

Abstract:
The article discusses the current state of application and development of cloud computing, the main advantages and disadvantages of their use in the states, enterprises and in scientific activity. The standards, regulations and guidance documents in the field of cloud computing information security are developed and analyzed, developed by the Cloud Security Alliance (CSA), the European Network and Information Security Agency (ENISA) and the National Institute of Standards and Technology (NIST), and the results of a detailed analysis of the issues of information security in the cloud.
38

Yang, Guang Hong, Qing Zhang, Ding Yong Tang, and Cong Min Huang. "A Solution about Application System How to Transfer Information Across Different Domains." Applied Mechanics and Materials 190-191 (July 2012): 898–901. http://dx.doi.org/10.4028/www.scientific.net/amm.190-191.898.

Abstract:
We design a data exchange platform with the joint topology, based on data exchange and file encryption technology of messaging middleware and integration middleware, after analyzing the requirements on how to exchange information of different application systems in different security domains. The platform achieves the purpose of exchanging information securely between different application systems and different security domains, in accordance with the requirements of relevant standards.
39

Bychkov, Oleksii. "TO THE CONCEPT OF A PROTECTED OPERATION SYSTEM." Information systems and technologies security, no. 1 (1) (2019): 42–51. http://dx.doi.org/10.17721/ists.2019.1.42-51.

Abstract:
At the present stage of the use of information technologies in society, the issue of information protection becomes important. Operating systems play a major role in this. They are assigned the role of protectors of all user data and access rights. The authors of the article were tasked with proposing a classification of the use of operating systems and with the requirements for mechanisms of protection of information under this classification. In the article: - the existing security standards that are implemented in modern operating systems are analyzed. Existing security standards are outlined (Trusted Computer System Evaluation Criteria «Orange Book», TCSEC, ISO 17799). In the Orange Book, a trusted system is defined as "a system that uses sufficient hardware and software to provide simultaneous processing of information of varying secrecy by a group of users without violating access rights." Security mechanisms and security classes of modern operating systems and BS 7799 security management model are also considered; this standard contains a systematic, complete, universal list of safety regulators, useful for the organization of almost any size, structure and scope information security management system. The standard Information Security Management System (ISMS) refers to the proportion of the overall risk-based management system designed to design, implement, control, maintain and improve information security activities. This system consists of organizational structures, policies, planning actions, responsibilities, procedures, processes and resources; - the analysis of the mechanisms of the complex system of information security (CSIS) and security, which are implemented in modern operating systems; - classification of operating system usage variants in information and telecommunication systems is offered. 
Requirements for information security mechanisms for operating systems according to the proposed classification are defined; - requirements for operating system information security standard and requirements for OS security mechanisms within the usage class are proposed.
40

A. T. Zharkimbekov, A. B. Ospanov, and K. M. Sagindykov. "THE ROLE OF REGULATORY DOCUMENTS IN THE FIELD OF INFORMATION SECURITY USED IN THE STUDY OF THE SECURITY OF COMPUTER NETWORKS." Bulletin of the National Engineering Academy of the Republic of Kazakhstan 3, no. 77 (October 15, 2020): 77–81. http://dx.doi.org/10.47533/2020.1606-146x.08.

Abstract:
This paper examines international and domestic standards used in the study of computer network security. A brief history of standards in the field of information security is presented. The necessity of standards in the field of information protection is determined. The features and requirements of the standards are studied. Definitions and normative documents in the field of information security used in the author’s research work are also given.
41

Handoyo, Eko. "Analisis Tingkat Keamanan Informasi: Studi Komparasi Framework Cobit 5 Subdomain Manage Security Services (DSS05) dan NIST Sp 800 – 55." Jurnal CoSciTech (Computer Science and Information Technology) 1, no. 2 (October 31, 2020): 76–83. http://dx.doi.org/10.37859/coscitech.v1i2.2199.

Abstract:
Information technology is a very important part of the organization. IT is expected to provide a good profit for the company. However, as technology evolves, it is often exploited by some irresponsible parties that can lead to the emergence of threats and risks from the use of technology. The organization needs to measure the level of information security to identify the system's weaknesses and threats to the organization. Standards for measuring information security are COBIT 5 subdomain manage security services (DSS05) and NIST SP 800-55 revision 1. This study is comparing the two standards. Comparative analysis uses qualitative analysis based on three aspects in information security that are confidentiality, integrity, and availability. Based on the analysis result obtained the advantages and disadvantages of each standard.
42

Backhouse, Hsu, and Silva. "Circuits of Power in Creating de jure Standards: Shaping an International Information Systems Security Standard." MIS Quarterly 30 (2006): 413. http://dx.doi.org/10.2307/25148767.

43

Dotsenko, Sergiy, Oleg Illiashenko, Sergii Kamenskyi, and Vyacheslav Kharchenko. "Integrated Model of Knowledge Management for Security of Information Technologies: Standards ISO/IEC 15408 and ISO/IEC 18045." Information & Security: An International Journal 43, no. 3 (2019): 305–17. http://dx.doi.org/10.11610/isij.4323.

44

Afrianto, Irawan, Taryana Suryana, and Sufa’atin Sufa’atin. "Pengukuran dan Evaluasi Keamanan Informasi Menggunakan Indeks KAMI - SNI ISO/IEC 27001:2009." Jurnal ULTIMA InfoSys 6, no. 1 (June 1, 2015): 43–49. http://dx.doi.org/10.31937/si.v6i1.278.

Abstract:
Information is a valuable asset for the college. The need for safeguards against information becomes a very necessary thing for a college. One standard that can be used to measure the maturity level of information security in an organization is the KAMI index developed by Depkominfo standards refer to ISO standard ISO/IEC 27001:2009. This assessment is used to see how far the maturity level of information security in the college environment, which results can be used as a medium for evaluation in order to improve the information security of the college in the future. Index Terms - Assessment, Information security, KAMI Index, Maturity Level, College X
45

Magennis, Tina, and Jennifer Mitchell. "Privacy and Security: Are Your Health Information Systems up to Standard?" Health Information Management 26, no. 4 (December 1996): 197–201. http://dx.doi.org/10.1177/183335839702600409.

Abstract:
As electronic patient health information systems become more fully developed and widespread, there are persistent concerns about the privacy and confidentiality of the personal health data being stored and disseminated. Standards Australia has released two Standards which provide useful guidelines for the organisational, technological and human behaviour solutions required to protect privacy and confidentiality in health care organisations. The major requirements of these Standards are outlined and the implications of the Standards for health information managers are discussed.
46

Martino, Lorenzo D., and Elisa Bertino. "Security for Web Services." International Journal of Web Services Research 6, no. 4 (October 2009): 48–74. http://dx.doi.org/10.4018/jwsr.2009071303.

Abstract:
This article discusses the main security requirements for Web services and it describes how such security requirements are addressed by standards for Web services security recently developed or under development by various standardizations bodies. Standards are reviewed according to a conceptual framework that groups them by the main functionalities they provide. Covered standards include most of the standards encompassed by the original Web Service Security roadmap proposed by Microsoft and IBM in 2002 (Microsoft and IBM 2002). They range from the ones geared toward message and conversation security and reliability to those developed for providing interoperable Single Sign On and Identity Management functions in federated organizations. The latter include Security Assertion Markup Language (SAML), WS-Policy, XACML, that is related to access control and has been recently extended with a profile for Web services access control; XKMS and WS-Trust; WS-Federation, Liberty Alliance and Shibboleth, that address the important problem of identity management in federated organizations. The article also discusses the issues related to the use of the standards and open research issues in the area of access control for Web services and innovative digital identity management techniques are outlined.
47

Simić-Draws, Daniela, Stephan Neumann, Anna Kahlert, Philipp Richter, Rüdiger Grimm, Melanie Volkamer, and Alexander Roßnagel. "Holistic and Law Compatible IT Security Evaluation." International Journal of Information Security and Privacy 7, no. 3 (July 2013): 16–35. http://dx.doi.org/10.4018/jisp.2013070102.

Abstract:
Common Criteria and ISO 27001/IT-Grundschutz are well acknowledged evaluation standards for the security of IT systems and the organisation they are embedded in. These standards take a technical point of view. In legally sensitive areas, such as processing of personal information or online voting, compliance with the legal specifications is of high importance, however, for the users’ trust in an IT system and thus for the success of this system. This article shows how standards for the evaluation of IT security may be integrated with the KORA approach for law compatible technology design to the benefit of both – increasing confidence in IT systems and their conformity with the law on one hand and a concrete possibility for legal requirements to be integrated into technology design from the start. The soundness of this interdisciplinary work will be presented in an exemplary application to online voting.
48

Mkuzangwe, Nenekazi N. P., and Zubeida C. Khan. "Cyber-Threat Information-Sharing Standards: A Review of Evaluation Literature." African Journal of Information and Communication, no. 25 (June 30, 1999): 1–12. http://dx.doi.org/10.23962/10539/29191.

Abstract:
Cyber-threat information-sharing tools, through which cybersecurity teams share threat information, are essential to combatting today’s increasingly frequent and sophisticated cyber-attacks. Several cyber-threat information-sharing standards exist, but there is at present no single standard or set of standards widely adopted by organisations and by computer security incident response teams (CSIRTs) operating at organisational, sectoral, national, and international levels. This introduces an interoperability problem in respect of communication across the various organisations and CSIRTs. Harmonised adoption of threat information-sharing standards would be of great benefit to cybersecurity efforts. In an effort to support harmonised use of cyber-threat information-sharing standards, this article provides findings from a review of the extant literature on such standards.
49

Lin, Ta Wei, Fu Tung Wang, and Tzong Dar Wu. "Information Security Study on Innovative Power Meter System." Applied Mechanics and Materials 284-287 (January 2013): 1057–61. http://dx.doi.org/10.4028/www.scientific.net/amm.284-287.1057.

Abstract:
This study investigates the RFID based innovative power meter system. The system architecture and business process are improved by adopting standard complied design approach. Open Standards contribute more flexibility, more interoperability, less time consuming to our innovative system developing and play a key role for well emerging and running into global ICT infrastructures. Then a protocol framework to address security issue is provided and it makes password based authentication scheme workable to enhance the security strength. RSA based digital signature methods are introduced to achieve a two-way authentication from tag to reader. Proposed protocol framework suits for power meter practical service process and offers potential to upgrade the cryptography methods for future hardware progress. It could be used as the foundation for inducing advanced technique while inspecting the information security requirements need. Our study is helpful for future power resource management system deploying and it is also valuable to address the security problem for mobile reader like RFID innovation system.
50

Nikolaidis, I. "Network security essentials: applications and standards [Books]." IEEE Network 14, no. 2 (March 2000): 6. http://dx.doi.org/10.1109/mnet.2000.826358.
