IT Security Frameworks: Risk Management Analysis and Solutions
Article No.: 44, Pages 1 - 7
Abstract
The negative effects of information security events are growing globally due to the substantial growth and organizational reliance on information technology (IT). To resolve the information security attacks, vulnerabilities, threats and breaches, there‘s a need for standards that adapt the best practices so that appropriate security levels are accomplished and IT risk management frameworks demands a great change and thus need of new framework is paramount in current perspective. This paper examines most of the existing IT risk management frameworks by conducting the survey amongst various industries, their team leaders and their IT security team members. Following the detailed analytics of the existing models and discussion of various common control management techniques and challenges, this paper attempts to identify gaps in these models that can be resolved through a new framework that can enhance the security levels in IT sector
References
[1]
Allen, Julia H. (2018): Governing for Enterprise Security. Carnegie Mellon University. Report. https://doi.org/10.1184/R1/6573995.v1
[2]
Patrick Macharia Njoroge et. Al. A FRAMEWORK FOR EFFECTIVE INFORMATION SECURITY RISK MANAGEMENT IN KENYAN PUBLIC UNIVERSITIES, IJSSIT, Volume IV, ISSUE X, 2019
[3]
Educase, Information Security Governancehttps://www.educause.edu/focus-areas- and-initiatives/ policy-and-security/cybersecurity-program/ resources/information-security-guide/toolkits/information-security-governance
[4]
Diligent (2017), Information Security Governance Best Practices https://www.diligent.com/en- gb/blog /information- security-governance-best-practices/
[5]
ISO/IEC 27001:2005, Information technology — Security techniques — Information security management systems — Requirements https://www.iso.org/standard/42103.html#:∼:text=ISO%2FIEC%2027001%3A2005%20specifies,the%20organization's%20overall%20business%20risks.
[6]
FOUNDATION for POLICY and GOVERNANCE, ISO-31000-2018, https://www.foundpg.com/iso-31000
[7]
NIST US, (2017), Information Security, Managing Information Security Risk Organization, Mission, and Information System View, Special Publication 800-39
[8]
Kidd Chrissy, (2019), BMC Blogs (https://www.bmc.com/blogs/cobit/)
Index Terms
- IT Security Frameworks: Risk Management Analysis and Solutions
Recommendations
Information security management: An information security retrieval and awareness model for industry
The purpose of this paper is to present a conceptual view of an Information Security Retrieval and Awareness (ISRA) model that can be used by industry to enhance information security awareness among employees. A common body of knowledge for information ...
Performance Metrics for Information Security Risk Management
Qualitative methods are available for risk management, but better practice would use quantitative risk management based on expected losses and related metrics. Measuring the success of information security investments is best accomplished by measuring ...
Information security management: firewall selection -- factors surrounding the selection and implementation of a firewall system for an organization
InfoSecCD '09: 2009 Information Security Curriculum Development ConferenceInformation security management is an important part of any given organization and it mainly involves ensuring that the data and company information is secure [5]. This paper starts by defining firewall architectures and then progresses in to the ...
Comments
Information & Contributors
Information
Published In
December 2022
749 pages
ISBN:9781450399937
DOI:10.1145/3590837
Copyright © 2022 ACM.
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Published: 30 May 2023
Check for updates
Author Tags
Qualifiers
- Research-article
- Research
- Refereed limited
Conference
ICIMMI 2022
ICIMMI 2022: International Conference on Information Management & Machine Intelligence
December 23 - 24, 2022
Jaipur, India
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 131Total Downloads
- Downloads (Last 12 months)76
- Downloads (Last 6 weeks)7
Reflects downloads up to 25 Feb 2025
Other Metrics
Citations
View Options
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign inFull Access
View options
View or Download as a PDF file.
PDFeReader
View online with eReader.
eReaderHTML Format
View this article in HTML Format.
HTML Format