Interactive Selection of ISO 27001 Controls under Multiple Objectives
Publication
link.springer.com/chapter/10.1007%2F978-0-387-09699-5_31
IT security incidents pose a major threat to the efficient execution of corporate strategies. Although information security standards provide a holistic approach to mitigating these threats, and legal acts demand their implementation, companies often refrain from implementing them, mainly because of high costs and the lack of evidence for a positive cost/benefit ratio. This paper presents a new approach that supports decision makers in interactively defining the optimal set of security controls according to ISO 27001. To do so, it uses input data from a security ontology that allows the standardized integration of the rules needed to model potential countermeasure combinations based on the ISO 27001 standard controls. The approach was implemented in a tool and tested by means of a case study. It not only supports decision makers in defining the controls needed for certification but also provides them with information about the efficiency of the chosen controls with regard to multiple definable objectives.
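As an added illustration of the kind of decision problem the abstract describes (this is not the paper's tool or algorithm, which the abstract does not detail), the Python sketch below enumerates selections from a small control catalogue, filters them through combination rules of the sort a security ontology could supply ("requires" and "excludes"), scores each selection on two objectives, and keeps only the Pareto-optimal selections. Every control identifier, cost, risk-reduction score and rule here is constructed for the example and does not come from ISO 27001 or the paper.

```python
"""Toy multi-objective control selection with combination rules.

Added example, not the paper's implementation. All controls, numbers and
rules below are invented for illustration.
"""
from itertools import combinations

# Constructed catalogue: control id -> (implementation cost, risk reduction score).
# Cost is to be minimised, risk reduction maximised; units are arbitrary.
CONTROLS = {
    "C1": (2, 3),  # hypothetical: patch management
    "C2": (3, 5),  # hypothetical: multi-factor authentication
    "C3": (4, 4),  # hypothetical: central log server
    "C4": (1, 2),  # hypothetical: log integrity protection (needs C3)
    "C5": (5, 6),  # hypothetical: network segmentation
    "C6": (6, 7),  # hypothetical: hosted SIEM (alternative to C3)
}

# Constructed combination rules: a control that only makes sense together
# with another one, and a pair treated as mutually exclusive alternatives.
REQUIRES = {"C4": {"C3"}}
EXCLUDES = {frozenset({"C3", "C6"})}


def is_valid(selection):
    """True if the selection satisfies every requires/excludes rule."""
    chosen = set(selection)
    for control, deps in REQUIRES.items():
        if control in chosen and not deps <= chosen:
            return False
    return not any(pair <= chosen for pair in EXCLUDES)


def evaluate(selection):
    """Return (total cost, total risk reduction) for a selection."""
    cost = sum(CONTROLS[c][0] for c in selection)
    reduction = sum(CONTROLS[c][1] for c in selection)
    return cost, reduction


def dominates(a, b):
    """a dominates b if it is no worse on both objectives and better on one."""
    return a[0] <= b[0] and a[1] >= b[1] and a != b


def pareto_front(budget=None):
    """Enumerate all non-empty valid selections (within budget, if given)
    and return the non-dominated ones as (frozenset of ids, (cost, reduction)),
    sorted by cost. Exhaustive enumeration is fine for a toy catalogue;
    a real catalogue would need a proper multi-objective solver."""
    ids = sorted(CONTROLS)
    candidates = []
    for k in range(1, len(ids) + 1):
        for combo in combinations(ids, k):
            if not is_valid(combo):
                continue
            objectives = evaluate(combo)
            if budget is not None and objectives[0] > budget:
                continue
            candidates.append((frozenset(combo), objectives))
    front = [
        (sel, obj)
        for sel, obj in candidates
        if not any(dominates(other, obj) for _, other in candidates)
    ]
    front.sort(key=lambda item: item[1])
    return front


if __name__ == "__main__":
    for selection, (cost, reduction) in pareto_front(budget=5):
        print(sorted(selection), "cost", cost, "reduction", reduction)
```

With a budget of 5 the front is {C1} at (2, 3), {C2} at (3, 5) and {C1, C2} at (5, 8); {C3} and {C5} drop out because a cheaper or equally priced selection reduces more risk, and {C4} alone is rejected by the requires rule. Each point on the front is a defensible trade-off, which is what leaves the final choice to the decision maker rather than to the optimiser.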