Information security control assessment provides a comprehensive control analysis approach to assist an organization in measuring the effectiveness of its current and planned security controls. ISO/IEC 27005 is a risk management framework that can manage and treat risks in organizations. However, ISO/IEC 27005 does not define a clear guideline on how to select and prioritize information security control despite the need for an efficient security analysis method. The ISO 27005 framework mostly depends on subjective judgment and qualitative approaches for security control analysis. This paper aims to improve the ISC analysis method by proposing the concept of multiple attribute decision making to provide clear guidelines in solving these issue...
An efficient IT security management relies upon the ability to make a good compromise between the co...
Management is required to understand all information security risks within an organization, and to m...
INTRODUCTION The importance of assuring the security of information assets is becoming more critical...
This study deals with the problem of prioritization of Information Security Controls where most orga...
For organizations, the protection of information is of utmost importance. Throughout the years, orga...
Managing a large number of Information Security controls with slight impact may increase the extra e...
Abstract IT security incidents pose a major threat to the efficient execution of corporate strategi...
The subject of the thesis is to create an extended model for the evaluation of information security control...
As we have discussed in the problem analysis of this thesis, there are still many challenges regardi...
Evaluating particular assets for information security risk assessment should take into consideration...
Assuring information security is a necessity in modern organizations. Many recommendations for infor...
ISO/IEC 27001 is a specification for an Information Security Management System (ISMS). It contains a...
Managing Information Security (InfoSec) within an organization is becoming a very complex task. Curr...
Business constraints usually result in heuristic and biased approaches of risk analyses, e.g., check...