Information security control assessment provides a comprehensive control analysis approach to assist an organization in measuring the effectiveness of its current and planned security controls. ISO/IEC 27005 is a risk management framework that can manage and treat risks in organizations. However, ISO/IEC 27005 does not define a clear guideline on how to select and prioritize information security controls, despite the need for an efficient security analysis method. The ISO/IEC 27005 framework mostly depends on subjective judgment and qualitative approaches for security control analysis. This paper aims to improve the information security control (ISC) analysis method by proposing the concept of multiple attribute decision making to provide clear guidelines in solving these issu...
An efficient IT security management relies upon the ability to make a good compromise between the co...
Controls The main purpose of the Information Security Analyst is to control the exposure to informat...
Management is required to understand all information security risks within an organization, and to m...
This study deals with the problem of prioritization of Information Security Controls where most orga...
For organizations, the protection of information is of utmost importance. Throughout the years, orga...
Managing a large number of Information Security controls with slight impact may increase the extra e...
IT security incidents pose a major threat to the efficient execution of corporate strategi...
The subject of the thesis is to create an extended model for the evaluation of information security control...
As we have discussed in the problem analysis of this thesis, there are still many challenges regardi...
Assuring information security is a necessity in modern organizations. Many recommendations for infor...
Currently, control of access to information and physical resources has become extremely important. N...
ISO/IEC 27001 is a specification for an Information Security Management System (ISMS). It contains a...
Managing Information Security (InfoSec) within an organization is becoming a very complex task. Curr...
Evaluating particular assets for information security risk assessment should take into consideration...