Risk identification for an information security management system implementation
ISO/IEC 27001 is an international standard that provides a set of requirements for an Information Security Management System (ISMS) implementation. A risk assessment exercise for an ISMS implementation requires human expertise with comprehensive understanding and considerable knowledge in information security. A common risk assessment exercise is based on three sub-processes, namely, risk identification, risk analysis and risk evaluation. The lack of tools, especially for the automation of risk identification, emphasises the need for experienced personnel, and this becomes a challenge for organizations seeking compliance with the ISMS standard. This paper proposes a relationship concept in asset and threat identification, which is part of the risk identification sub-process. The concept provides a foundation to automate the risk assessment process for an identified scope of an ISMS implementation.
| Main Authors: | Ramli, Noraza; A. Aziz, Normaziah |
|---|---|
| Format: | Proceeding Paper |
| Language: | English |
| Published: | 2012 |
| Subjects: | QA75 Electronic computers. Computer science |
| Online Access: | http://irep.iium.edu.my/28619/ http://irep.iium.edu.my/28619/4/securware_2012_2_50_30114-1.pdf |
| id | iium-28619 |
|---|---|
| author | Ramli, Noraza; A. Aziz, Normaziah |
| title | Risk identification for an information security management system implementation |
| description | ISO/IEC 27001 is an international standard that provides a set of requirements for an Information Security Management System (ISMS) implementation. A risk assessment exercise for an ISMS implementation requires human expertise with comprehensive understanding and considerable knowledge in information security. A common risk assessment exercise is based on three sub-processes, namely, risk identification, risk analysis and risk evaluation. The lack of tools, especially for the automation of risk identification, emphasises the need for experienced personnel, and this becomes a challenge for organizations seeking compliance with the ISMS standard. This paper proposes a relationship concept in asset and threat identification, which is part of the risk identification sub-process. The concept provides a foundation to automate the risk assessment process for an identified scope of an ISMS implementation. |
| format | Proceeding Paper (peer reviewed; application/pdf) |
| language | English |
| publishDate | 2012 (August) |
| citation | Ramli, Noraza and A. Aziz, Normaziah (2012) Risk identification for an information security management system implementation. In: SECURWARE 2012, The Sixth International Conference on Emerging Security Information, Systems and Technologies, 19 August 2012, Rome, Italy. http://www.thinkmind.org/index.php?view=article&articleid=securware_2012_2_50_30114 |
| topic | QA75 Electronic computers. Computer science |
| institution | International Islamic University Malaysia (Local University) |
| building | IIUM Repository |
| collection | Online Access |
| recordtype | eprints |
| repository_type | Digital Repository |
| record modified | 2013-02-13T10:51:29Z |
| first_indexed / last_indexed | 2025-11-14T15:26:36Z |
| url | http://irep.iium.edu.my/28619/ http://irep.iium.edu.my/28619/4/securware_2012_2_50_30114-1.pdf |
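The abstract above describes risk identification as the step that pairs assets with the threats that apply to them, with risk analysis and risk evaluation following. The block below is an added illustration of that three-step flow in code; it is not the paper's proposed relationship concept, nor code from the paper or from the IIUM repository. The asset categories, the threat catalogue with its likelihoods, the category-to-threat relationship table, the 1 to 5 value and likelihood scales, and the acceptance threshold of 10 are all constructed assumptions chosen for this example.

```python
"""Added example: automating risk identification through an explicit
asset-category -> threat relationship, then analysing and evaluating the
result. Everything below (categories, threats, likelihoods, scales,
threshold, sample inventory) is a constructed assumption for illustration,
not material from the paper this record describes."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Asset:
    name: str
    category: str  # key into the asset/threat relationship table
    value: int     # business value, 1 (low) .. 5 (critical); assumed scale


@dataclass(frozen=True)
class Threat:
    name: str
    likelihood: int  # 1 (rare) .. 5 (almost certain); assumed scale


@dataclass(frozen=True)
class Risk:
    asset: Asset
    threat: Threat
    score: int             # value x likelihood, filled in by risk analysis
    needs_treatment: bool  # set by risk evaluation against the threshold


# Constructed threat catalogue; likelihoods are assumed, not measured.
THREAT_CATALOGUE = {
    "malware": Threat("malware", 4),
    "unauthorised_access": Threat("unauthorised_access", 3),
    "hardware_failure": Threat("hardware_failure", 2),
    "power_loss": Threat("power_loss", 2),
    "data_corruption": Threat("data_corruption", 2),
    "social_engineering": Threat("social_engineering", 4),
    "unavailability_of_staff": Threat("unavailability_of_staff", 3),
    "fire": Threat("fire", 1),
    "theft": Threat("theft", 2),
}

# The relationship table (assumed): each asset category is linked to the
# threats that can act on it. Once an asset is classified, its candidate
# threats follow mechanically, which is what makes identification automatable.
APPLIES_TO = {
    "server": {"malware", "unauthorised_access", "hardware_failure", "power_loss"},
    "database": {"unauthorised_access", "data_corruption", "malware"},
    "person": {"social_engineering", "unavailability_of_staff"},
    "paper_record": {"fire", "theft"},
}

# Constructed sample inventory for an assumed ISMS scope.
SAMPLE_ASSETS = [
    Asset("web-server-01", "server", 4),
    Asset("customer-db", "database", 5),
    Asset("helpdesk-operator", "person", 3),
    Asset("signed-contracts", "paper_record", 4),
]


def identify_risks(assets, applies_to=APPLIES_TO, catalogue=THREAT_CATALOGUE):
    """Risk identification: join every asset to the threats its category is
    related to. An asset whose category has no relationship entry is an error,
    not an empty result, so gaps in the model cannot silently hide risks."""
    pairs = []
    for asset in assets:
        if asset.category not in applies_to:
            raise KeyError(f"no threat relationship defined for category {asset.category!r}")
        for threat_name in sorted(applies_to[asset.category]):
            pairs.append((asset, catalogue[threat_name]))
    return pairs


def analyse_risks(pairs):
    """Risk analysis: score each asset/threat pair as value x likelihood (assumed formula)."""
    return [Risk(a, t, a.value * t.likelihood, False) for a, t in pairs]


def evaluate_risks(risks, threshold=10):
    """Risk evaluation: flag scores at or above the acceptance threshold and
    order the register so the highest risks come first (deterministic ties)."""
    evaluated = [Risk(r.asset, r.threat, r.score, r.score >= threshold) for r in risks]
    return sorted(evaluated, key=lambda r: (-r.score, r.asset.name, r.threat.name))


def run_assessment(assets, threshold=10):
    """The three sub-processes chained: identification -> analysis -> evaluation."""
    return evaluate_risks(analyse_risks(identify_risks(assets)), threshold)


if __name__ == "__main__":
    for r in run_assessment(SAMPLE_ASSETS):
        flag = "TREAT" if r.needs_treatment else "accept"
        print(f"{flag:6} {r.score:3}  {r.asset.name} <- {r.threat.name}")
```

The relationship table is the part a practitioner maintains by hand; the rest is mechanical. Keeping the unknown-category case as a hard error is deliberate, since the usual way an automated risk register goes wrong is by quietly producing no rows for an asset nobody classified.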