INFORMATION SECURITY RISK MANAGEMENT: STANDARDS AND CHALLENGES

Author: Akaki Shekeladze
Organization: Georgian Technical University

Category:

Keywords: Information Security, Information Security Risk, Information Asset, Cyber Threats, ISO 27005, NIST RMF
Abstract. With cyber threats and cyber attacks continuously occurring in every part of the world, information security is gaining ever more importance. Threats and risks to information cannot be addressed without an adequate approach and structured methodologies. This paper covers the information security management concept, its necessity, and the management of the process using international standards, including ISO, NIST, COBIT and others. We also cover the challenges in this regard and ways to tackle them.

Bibliography:

1. James, Dave. n.d. "Seven Solid Benefits of Information Risk Management." Ascentor. Accessed July 17, 2022. https://insights.ascentor.co.uk/blog/2012/02/seven-solid-benefits-of-information-risk-management
2. Refile, Olivia. 2020. "Information Security Risk Management: A Comprehensive Guide." Linford & Company LLP. Accessed July 17, 2022. https://linfordco.com/blog/information-security-risk-management
3. Simplilearn. 2022. "What is COBIT? Understanding the COBIT Framework." Accessed July 17, 2022. https://www.simplilearn.com/what-is-cobit-significance-and-framework-rar309-article
4. Law of Georgia "On Information Security."
5. NIST. n.d. "Risk Management Framework for Information Systems and Organizations." NIST SP 800-37 Rev. 2. Accessed July 17, 2022. https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-37r2.pdf
6. PECB. n.d. "Information Security Risk Management." Accessed July 17, 2022. https://pecb.com/pdf/articles/61-pecb-information-security-risk-management.pdf
7. Infosec. 2018. "Risk Treatment Options, Planning and Prevention." Accessed July 17, 2022. https://resources.infosecinstitute.com/topic/risk-treatment-options-planning-prevention/
8. Al-Ahmad, Walid, and Bassil Mohammad. 2013. "Addressing Information Security Risks by Adopting Standards." International Journal of Information Security Science. Accessed July 17, 2022. https://www.ijiss.org/ijiss/index.php/ijiss/article/view/20
9. Kosutic, Dejan. n.d. "ISO 27001 Risk Assessment, Treatment, & Management: The Complete Guide." Advisera. Accessed July 17, 2022. https://advisera.com/27001academy/iso-27001-risk-assessment-treatment-management/