A Framework for the Information Classification in ISO 27005 Standard

V. Agrawal
Published in: 2017 IEEE 4th International Conference on Cyber Security and Cloud Computing (CSCloud)
Publication date: 2017-06-26
DOI: 10.1109/CSCloud.2017.13 (https://doi.org/10.1109/CSCloud.2017.13)
Citations: 17

Abstract

The Information Security Risk Management (ISRM) process involves several activities to conduct a risk management (RM) task in an organization. ISRM activities require access to various information related to the organization. An organization often needs to share information related to an ISRM process with the stakeholders involved in the activity. Therefore, it is important to manage the information that is critical to the operations of the organization. The presence of an information classification scheme can enable the proper handling of the information involved in the RM task. We selected the ISO/IEC 27005:2011 risk management standard to assess the various information generated during the process of applying this standard in an organization. The purpose of this study is to propose a framework that shows the various information objects involved in the ISO 27005 risk management standard and to classify the information based on the guideline provided by the UNINETT scheme. A case scenario of a health clinic is developed to identify ISRM-related information objects using the proposed framework and to classify the information using the UNINETT scheme.