Assessment of enterprise information security - the importance of prioritization

Erik Johansson, Pontus Johnson
Ninth IEEE International EDOC Enterprise Computing Conference (EDOC'05), published 2005-09-19
DOI: 10.1109/EDOC.2005.9 (https://doi.org/10.1109/EDOC.2005.9)
Citations: 13

Abstract

Assessing the level of information security in an enterprise is a serious challenge for many organizations. This paper considers the prioritization of the field of enterprise information security. The paper thus considers how we may know what parts of information security are important for a company to address and what parts are not. Two methods for prioritization are used. The results demonstrate to what extent different standards committees, guideline authors and expert groups differ in their opinions on what the important issues are in enterprise information security. The ISO/IEC 17799, the NIST SP 800-26, the ISF standards committees, the CMU/SEI OCTAVE framework authors and an expert panel at the Swedish Information Processing Society (DFS) are considered. The differences in prioritization have important consequences on enterprise information security assessments. The effects on the information security assessment results in a European energy company are presented in the paper.