Academic literature on the topic 'IEC 27004'

Consult the lists of relevant articles, books, theses, conference reports, and other scholarly sources on the topic 'IEC 27004.'

Journal articles on the topic "IEC 27004"

1

Winarni, Ade. "Penilaian Tingkat Efektivitas Penerapan Keamanan Sistem Informasi Menggunakan Iso/Iec 27004:2009 Dan Iso/Sni 27001:2009 (Studi." Jurnal Bangkit Indonesia 5, no. 2 (October 31, 2016): 90. http://dx.doi.org/10.52771/bangkitindonesia.v5i2.77.

Abstract:
Since 2014, STT Indonesia Tanjungpinang has applied an information security management system (ISMS, Indonesian SMKI) policy to support the operation of its information systems, in particular the academic and financial information system (SIMAK), but to date no evaluation of that ISMS implementation has been carried out. This research therefore focuses on assessing the effectiveness of the information system security implementation using ISO/IEC 27004, in order to confirm that the ISMS policy currently in place is working well. The stages begin with measuring the effectiveness of the information system security implementation; the measurement results are then used to assess the level of effectiveness. Where the research finds weak policies, recommendations for improvement are given, in the form of procedures or standard operating procedures (SOPs), to strengthen information security. The methodology used is the ISO/SNI 27001 framework. The researcher expects this research to lead to improvements of weak policies and procedures, so that information security better supports operations and business processes.

2

Disterer, Georg. "ISO/IEC 27000, 27001 and 27002 for Information Security Management." Journal of Information Security 04, no. 02 (2013): 92–100. http://dx.doi.org/10.4236/jis.2013.42011.

3

Aldya, A. P., S. Sutikno, and Y. Rosmansyah. "Measuring effectiveness of control of information security management system based on SNI ISO/IEC 27004: 2013 standard." IOP Conference Series: Materials Science and Engineering 550 (August 23, 2019): 012020. http://dx.doi.org/10.1088/1757-899x/550/1/012020.

4

Diamantopoulou, Vasiliki, Aggeliki Tsohou, and Maria Karyda. "From ISO/IEC27001:2013 and ISO/IEC27002:2013 to GDPR compliance controls." Information & Computer Security 28, no. 4 (June 8, 2020): 645–62. http://dx.doi.org/10.1108/ics-01-2020-0004.

Abstract:
Purpose: This paper aims to identify the controls provisioned in ISO/IEC 27001:2013 and ISO/IEC 27002:2013 that need to be extended to adequately meet the data protection requirements set by the General Data Protection Regulation (GDPR); it also indicates the security management actions an organisation needs to perform to fulfil GDPR requirements. Thus, ISO/IEC 27001:2013 compliant organisations can use this paper as a basis for extending their existing security control modules towards data protection, and as guidance for reaching compliance with the regulation.
Design/methodology/approach: This study followed a two-step approach. First, synergies between ISO/IEC 27001:2013 modules and GDPR requirements were identified by analysing all 14 control modules of ISO/IEC 27001:2013 and proposing the appropriate actions towards the satisfaction of data protection requirements. Second, the paper identified GDPR requirements not addressed by ISO/IEC 27001:2013.
Findings: The findings of this work include the identification of the common ground between the security controls that ISO/IEC 27001:2013 includes and the requirements that the GDPR imposes; the actions that need to be performed based on these security controls to adequately meet the data protection requirements that the GDPR imposes; and the identification of the remaining actions an ISO/IEC 27001 compliant organisation needs to perform to be able to adhere to the GDPR.
Originality/value: This paper provides a gap analysis and identifies the further steps and additional actions that need to be performed to allow an ISO/IEC 27001:2013 certified organisation to be compliant with the GDPR.

5

ال فيحان, اثير عبد الهادي, and عامر حمدي عبد غريب. "تقييم نظام أدارة امن المعلومات في الهيئة العراقية للحاسبات والمعلوماتية على وفق المواصفة الدولية (ISO/IEC 27001:2013)." Journal of Economics and Administrative Sciences 21, no. 86 (December 1, 2015): 1. http://dx.doi.org/10.33095/jeas.v21i86.764.

Abstract:
The present research, "Evaluation of the information security management system according to the international standard ISO/IEC 27001:2013 at the Iraqi Commission for Computers and Informatics", starts from the observation that establishing a management system for information security is now a priority. As organizations rely on computers and information technology for their work and for communicating with others, international legitimacy, represented by the International Organization for Standardization (ISO), remains the basis for conformity and compliance, and the importance of applying an information security management system according to ISO/IEC 27001:2013 lies in protecting the organization's assets, especially its information and databases, in a systematic and continuous way. The aim of the research is to assess the information security management system currently in place at the Iraqi Commission for Computers and Informatics (the research site) against an information security management system conforming to ISO/IEC 27001:2013, using audit checklists to diagnose gaps of non-conformity with the international standard. The research reached an important conclusion: although the information security management system followed at the Commission relies on modern technology and competent staff, it lacks proper documentation and implementation of many of the requirements set out in ISO/IEC 27001:2013, and it needs a rebuilt organizational structure and functions consistent with the supporting standard ISO/IEC 27003:2010. The research closes with its main recommendation: to form a work team that prepares the prerequisites for applying ISO/IEC 27001:2013, works to meet its requirements and those of the other management systems (the quality management system and others), and reports to top management so that support in resources and authority is readily available.

6

Sugianto, Anindya Dwi Lestari, Febriliyan Samopa, and Hanim Maria Astuti. "PENILAIAN DAN KONTROL RISIKO TERHADAP INFRASTRUKTUR DAN KEAMANAN INFORMASI BERDASARKAN STANDAR ISO/IEC 27001:2013 (STUDI KASUS: INSTITUT TEKNOLOGI SEPULUH NOPEMBER)." Sebatik 24, no. 1 (June 18, 2020): 96–101. http://dx.doi.org/10.46984/sebatik.v24i1.910.

Abstract:
The Directorate of Technology and Information Systems Development (DPTSI) of Institut Teknologi Sepuluh Nopember (ITS) Surabaya is the directorate responsible for all activities related to information systems and technology within ITS. Risks arise in the organization in the field of information systems and technology, especially within the scope of infrastructure and information security, such as damage to assets, data theft, and services that cannot be accessed. Risk treatment actions for infrastructure and information security at DPTSI ITS have not yet been applied properly, which can disrupt business processes. To meet the needs of infrastructure and information security, a standard is therefore required to minimize the existing risks. The standard used in this research is ISO/IEC 27001:2013, as the framework for identifying and assessing risks related to infrastructure and information security, drawn up on the basis of interviews with and justification from DPTSI ITS. The other standard used is ISO/IEC 27002:2013, as the standard for drawing up controls from the results of the risk assessment of infrastructure and information security. The expected result of this research is an assessment document, together with risk controls that meet the infrastructure and information security needs of DPTSI ITS, using ISO/IEC 27001:2013 and ISO/IEC 27002:2013.

7

Mauladani, Furqon, and Daniel Oranova Siahaan. "Perancangan SMKI Berdasarkan SNI ISO/IEC27001:2013 dan SNI ISO/IEC27005:2013 (Studi Kasus DPTSI-ITS)." CSRID (Computer Science Research and Its Development Journal) 10, no. 1 (March 27, 2018): 32. http://dx.doi.org/10.22303/csrid.10.1.2018.32-43.

Abstract:
Institut Teknologi Sepuluh Nopember (ITS) is one of the universities in Surabaya. ITS uses ICT for its business operations (for example filling in study plan cards, recording attendance, updating information, and so on). The use of ICT cannot be separated from threats that can disrupt ICT operations. The threats consist of external threats (malware distribution, social engineering activity), insiders (deliberate or accidental), technical failures (misuse, hardware/software failure) and natural disasters (fire, earthquake, flood). The method used in this research is information security risk management based on SNI ISO/IEC 27005 and the design of ISMS documents based on SNI ISO/IEC 27001. The result of this research is 60 unaccepted risks out of a total of 228 identified risks. Of those 60 risks, 58 are treated by risk modification, 1 by risk avoidance, and 1 by risk sharing. The information security governance designed according to SNI ISO/IEC 27001 comprises the ISMS scope, the ISMS policy, the risk assessment process, the risk treatment process, the statement of applicability, and the information security objectives.

8

Hermawan, Wawan. "Perancangan Manajemen Risiko Keamanan Informasi pada Penyelenggara Sertifikasi Elektronik (PSrE)." Jurnal Telekomunikasi dan Komputer 9, no. 2 (August 31, 2019): 129. http://dx.doi.org/10.22441/incomtech.v9i2.6474.

Abstract:
The Agency for the Assessment and Application of Technology (BPPT) is the Electronic Certification Provider (PSrE) for government agencies. Under Government Regulation No. 82 of 2012, the BPPT PSrE is categorized as an Electronic System Operator in the strategic and high categories and is therefore required to have an information security management system. In this research, an information security risk management design was produced to support the BPPT PSrE in establishing such a system. The risk management design for the BPPT PSrE uses the ISO/IEC 27005 framework: establishing the context, the basic risk management criteria, defining the scope, risk assessment, and risk treatment and acceptance. All primary and supporting assets of the BPPT PSrE were risk-assessed, and the risk values were calculated using NIST SP 800-30. The risk treatment stage then uses ISO/IEC 27002. From the results of this research it can be concluded that there are 51 risk scenarios treated by risk reduction and 10 risk scenarios treated by risk acceptance, applying the controls recommended in ISO/IEC 27002.

9

Fauzi, Rokhman. "Implementasi Awal Sistem Manajemen Keamanan Informasi pada UKM Menggunakan Kontrol ISO/IEC 27002." JTERA (Jurnal Teknologi Rekayasa) 3, no. 2 (December 3, 2018): 145. http://dx.doi.org/10.31544/jtera.v3.i2.2018.145-156.

Abstract:
Information is an organizational asset whose security must be protected. An information security management system is implemented to protect information assets from various threats, in order to ensure business continuity, minimize the damage caused when threats materialize, and accelerate return on investment and business opportunities. In this research, the international standard ISO/IEC 27001 and the OCTAVE-S risk analysis method are used to design an information security management system at a company that is a small and medium enterprise (SME) in the field of engineering services. In line with the company's circumstances, the risk analysis was carried out using the OCTAVE-S method. The initial implementation of the information security management system was carried out using the controls in ISO/IEC 27002. The main priorities resulting from the implementation are the drafting of policies and procedures and raising information security awareness.

10

Choi, Ju-Young, Eun-Jung Choi, and Myuhng-Joo Kim. "A Comparison Study between Cloud Service Assessment Programs and ISO/IEC 27001:2013." Journal of Digital Policy and Management 12, no. 1 (January 28, 2014): 405–14. http://dx.doi.org/10.14400/jdpm.2014.12.1.405.


Dissertations / Theses on the topic "IEC 27004"

1

Garay, Daniel Felipe Carnero, Antonio Carbajal Ramos Marcos, Jimmy Armas-Aguirre, and Juan Manuel Madrid Molina. "Information security risk management model for mitigating the impact on SMEs in Peru." IEEE Computer Society, 2020. http://hdl.handle.net/10757/656577.

Abstract:
The full text of this work is not available in the UPC Academic Repository because of restrictions imposed by the publisher.
This paper proposes an information security risk management model that allows mitigating the threats to which SMEs in Peru are exposed. According to studies by Ernst Young, 90% of companies in Peru are not prepared to detect security breaches, and 51% have already been attacked. In addition, according to Deloitte, only 10% of companies maintain risk management indicators. The model consists of 3 phases: 1. Inventory the information assets of the company, to conduct the risk analysis of each one; 2. Evaluate the treatment that should be given to each risk; 3. Once the controls are implemented, design indicators to help monitor the implemented safeguards. The article focuses on the creation of a model that integrates a standard of risk management across the company with a standard of IS indicators to validate compliance, adding as a contribution the results of implementation in a specific environment. The proposed model was validated in a pharmaceutical SME in Lima, Peru. The results showed a 71% decrease in risk, after applying 15 monitoring and training controls, lowering the status from a critical level to an acceptable level between 1.5 and 2.3, according to the given assessment.
Peer reviewed

2

Palička, Jan. "Systémové řešení bezpečnosti informací v organizaci." Master's thesis, Vysoké učení technické v Brně. Fakulta podnikatelská, 2017. http://www.nusl.cz/ntk/nusl-316954.

Abstract:
This diploma thesis deals with ISMS implementation in Netcope Technologies, a. s., which is involved in the production of network cards for high-speed acceleration. The thesis is divided into two logical parts. In the first part the theoretical basis is presented, including selected methods for implementing information security. In the second part, the analysis of the company and the proposed measures are presented.

3

Santos, Valdeci Otacilio dos. "Um modelo de sistema de gestão da segurança da informação baseado nas normas ABNT NBR ISO/IEC 27001:2006, 27002:2005 e 27005:2008." [s.n.], 2012. http://repositorio.unicamp.br/jspui/handle/REPOSIP/259797.

Abstract:
Advisor: Renato Baldini Filho
Dissertation (master's) - Universidade Estadual de Campinas, Faculdade de Engenharia Elétrica e de Computação
The steady growth of threats and vulnerabilities in information systems causes an intensified concern among administrators about the security of these systems. In the search for an appropriate level of information security, laws and regulations dealing with this important issue are being created and improved, not only in Brazil but worldwide. This work aims to propose a model of an information security management system, with process modeling and description of activities, covering the main guidelines recommended in the standards ABNT NBR ISO/IEC 27001:2006, 27002:2005 and 27005:2008. The proposed model aims to guide the implementation of a new information security management system in an organization, or to verify the conformity of an existing one. The work includes a practical application of the proposed model, in which a survey was carried out of how far the activities performed in the various processes that make up an organization's information security management system adhere to what is envisaged in the model and, consequently, in the standards used as reference. Assessing the results of the verification made it possible to obtain an overview of the state of the organization's information security management, as well as to identify the points that comply with the standards and those that need improvement.
Master's degree
Telecommunications and Telematics
Master in Electrical Engineering

4

Kryštof, Tomáš. "Návrh na zavedení nutných oblastí ISMS na základní škole." Master's thesis, Vysoké učení technické v Brně. Fakulta podnikatelská, 2016. http://www.nusl.cz/ntk/nusl-241476.

Abstract:
This master's thesis is concerned with information security at a specific primary school. The first and second parts of the thesis provide the basic theoretical starting points on ISMS issues and an overview of the current state of information security at the primary school. This is followed by the practical part, which proposes suitable security steps and recommendations for solving the most important tasks from the perspective of ICT security management.

5

Vyhňák, Petr. "Návrh zavedení bezpečnostních opatření v souladu s ISMS pro společnost." Master's thesis, Vysoké učení technické v Brně. Fakulta podnikatelská, 2019. http://www.nusl.cz/ntk/nusl-402086.

Abstract:
The master's thesis deals with a proposal for introducing security countermeasures in accordance with the information security management system for the company. The theoretical basis is laid out in the first part of the thesis. The next part introduces the company, describes the current state of security, and analyses the security countermeasures with the help of supporting material. The last part includes the proposal to introduce new security countermeasures. The thesis includes a risk analysis and the design of selected security countermeasures, including the implementation procedure with a time schedule and an economic evaluation.

6

Al-Botani, Nidaa. "Informationssäkerhet i organisationer - Utvärdering av Folktandvårdens informationssäkerhet inom Region Jönköpings län." Thesis, Tekniska Högskolan, Högskolan i Jönköping, JTH, Data- och elektroteknik, 2015. http://urn.kb.se/resolve?urn=urn:nbn:se:hj:diva-28245.

Abstract:
Information today is a valuable resource for organizations, which become more and more dependent on their information systems. Information is subject to various threats and needs to be protected so that organizations can run their business effectively. Systematic information security work helps organizations to achieve and maintain a sufficient level of information security. The study aims to investigate how information security is currently managed within organizations in general. A case study has been performed at Folktandvården (the Public Dental Service), Region Jönköping County, to investigate how the organization's employees handle information security. In addition, the study aims to evaluate information security awareness among the employees and to present proposals on how the handling of personal data can be improved in organizations. Mixed techniques have been used to gather information. Literature studies in the field of information security have been carried out. The empirical data were collected through a questionnaire, interviews and written questions sent by e-mail to the managers at Folktandvården who work specifically on information security. This study uses the Swedish standards SS-ISO/IEC 27001:2014 and SS-ISO/IEC 27002:2014 to evaluate information security at Folktandvården, Region Jönköping County, and to get a picture of how information security is managed within organizations. Organizations can maintain the security of their information handling by implementing an information security management system (ISMS) that preserves the confidentiality, integrity and availability of information. Information security work and the introduction of an ISMS differ between organizations, since they are affected by the organization's needs and goals, size and structure. The case study results show that Folktandvården, Region Jönköping County, actively manages information security and meets most of the requirements set in the standards. However, the study proposes that more training programs be organized to increase information security awareness.
These programs should be updated regularly in order to remain in line with organizational policies and procedures. It is also recommended that the organization carries out information classification fully in accordance with its own model, and that it develops its planning of continuity for information security. The results from the questionnaire show that the employees are aware of how they handle information security incidents and consider that the systems are available to authorized users. Several of the proposals presented by this study have been heeded and will lead to further work within Folktandvården. Organizations' personal data should be protected by applying the rules laid down in applicable regulations. A responsible person in the organization should provide guidance to employees about their responsibility for the handling of personal data.

7

Soukop, Tomáš. "Systém pro podporu auditu managementu informační bezpečnosti." Master's thesis, Vysoké učení technické v Brně. Fakulta informačních technologií, 2012. http://www.nusl.cz/ntk/nusl-236503.

Abstract:
This master's thesis describes the creation of a system for supporting audits of information security management. The following chapters explain what information security is, what an information security management system and an audit system are, and which standards exist for them. Last but not least, it is described how to create a system for audit support. The whole design is created using the standards for quality management and information security management. The system is oriented towards a web environment.

8

Alila, Patrick. "Complementing network security to the ISO/IEC 27000 standard." Thesis, Linköpings universitet, Institutionen för teknik och naturvetenskap, 2007. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-96298.

Abstract:
In order to open up new business opportunities for the information security company Secure State AB, this work was carried out to complement the company's current standard for information security work with additional network security. The requirements on the end result were that the document or standard should be able to complement ISO 27000 and be cost-effective. After a study of that standard, it was found that ISO 27000 on its own is not an adequate tool for network security work, because of its non-technical orientation and target audience. Complementing ISO 27000 with requirements drawn up by the author was not preferable either, since the purpose of a standardized way of working would then be lost. It is better, and more attractive to the customer, to use specific technical standards and recommendations. The search for a complementary standard was therefore started according to these criteria: compatibility with ISO 27000; technical orientation; cost-effectiveness; attractiveness to work with. ISO 18028 meets these requirements very well on all points and is therefore the best suited to work with of the three standards/recommendations examined against the list of requirements. Secure State should therefore choose to carry out its network security work anchored in ISO 18028, with the following expected result (Fig. 10, Expected result of complementing ISO 27000): at the top are the general information security policies that all employees follow; at level two is ISO 27000, which is management's system for how information security work is to be handled overall; at the bottom is the technical protective equipment, administered by technicians who follow suitable documents. This report has identified ISO 18028 for network security; other standards remain to be identified, as needed, for other technical equipment.

9

Kohoutek, Josef. "Zavádění bezpečnostních opatření dle ISMS do malé společnosti." Master's thesis, Vysoké učení technické v Brně. Fakulta podnikatelská, 2016. http://www.nusl.cz/ntk/nusl-241610.

Abstract:
In my master's thesis I focus on the design of an information security management system for the company INNC s.r.o., which specializes in the design and implementation of computer networks. The thesis is divided into two parts. The first part provides theoretical knowledge of the issue. The second part is the analysis and proposal of security measures.

10

Nemec, Tomáš. "Návrh metodiky pro příručku ISMS a opatření aplikované na vybrané oblasti." Master's thesis, Vysoké učení technické v Brně. Fakulta podnikatelská, 2013. http://www.nusl.cz/ntk/nusl-224225.

Abstract:
The content of this thesis is a methodology for creating an ISMS Security Manual. The implementation of the proposal is supported by the theoretical knowledge in the introductory part of the work. The practical design of the methodology is conditioned by the structure of the international standard ISO/IEC 27001:2005.


Books on the topic "IEC 27004"

1

Brenner, Michael, Nils gentschen Felde, Wolfgang Hommel, Stefan Metzger, Helmut Reiser, and Thomas Schaaf. Praxisbuch ISO/IEC 27001. München: Carl Hanser Verlag GmbH & Co. KG, 2011. http://dx.doi.org/10.3139/9783446430563.

2

Kersten, Heinrich. IT-Sicherheitsmanagement nach ISO 27001 und Grundschutz: Der Weg zur Zertifizierung. Wiesbaden: Vieweg, 2008.

3

Information security policy development for compliance: ISO/IEC 27001, NIST SP 800-53, HIPAA standard, PCI DSS V2.0, and AUP V5.0. Boca Raton, FL: CRC Press, Taylor & Francis Group, 2013.

4

Implementing the ISO/IEC 27001 Information Security Management System Standard. Artech House Publishers, 2007.

5

Humphreys, Ted, and Angelika Plate. Measuring the Effectiveness of Your ISMS Implementations Based on ISO/IEC 27001. BSI Standards, 2006.


Book chapters on the topic "IEC 27004"

1

Klipper, Sebastian. "ISO/IEC 27005." In Information Security Risk Management, 59–96. Wiesbaden: Springer Fachmedien Wiesbaden, 2015. http://dx.doi.org/10.1007/978-3-658-08774-6_3.

2

Klipper, Sebastian. "ISO/IEC 27005." In Information Security Risk Management, 63–97. Wiesbaden: Vieweg+Teubner, 2011. http://dx.doi.org/10.1007/978-3-8348-9870-8_3.

3

Brenner, Michael, Nils gentschen Felde, Wolfgang Hommel, Stefan Metzger, Helmut Reiser, and Thomas Schaaf. "Zertifizierungsmöglichkeiten nach ISO/IEC 27000." In Praxisbuch ISO/IEC 27001, 163–74. München: Carl Hanser Verlag GmbH & Co. KG, 2019. http://dx.doi.org/10.3139/9783446462762.007.

4

Brenner, Michael, Nils gentschen Felde, Wolfgang Hommel, Stefan Metzger, Helmut Reiser, and Thomas Schaaf. "Begriffsbildung nach ISO/IEC 27000." In Praxisbuch ISO/IEC 27001, 175–91. München: Carl Hanser Verlag GmbH & Co. KG, 2019. http://dx.doi.org/10.3139/9783446462762.008.

5

Brenner, Michael, Nils gentschen Felde, Wolfgang Hommel, Stefan Metzger, Helmut Reiser, and Thomas Schaaf. "Zertifizierungsmöglichkeiten nach ISO/IEC 27000." In Praxisbuch ISO/IEC 27001, 145–55. München: Carl Hanser Verlag GmbH & Co. KG, 2017. http://dx.doi.org/10.3139/9783446452602.007.

6

Brenner, Michael, Nils gentschen Felde, Wolfgang Hommel, Stefan Metzger, Helmut Reiser, and Thomas Schaaf. "Begriffsbildung nach ISO/IEC 27000." In Praxisbuch ISO/IEC 27001, 157–238. München: Carl Hanser Verlag GmbH & Co. KG, 2017. http://dx.doi.org/10.3139/9783446452602.008.

7

Brenner, Michael, Nils gentschen Felde, Wolfgang Hommel, Stefan Metzger, Helmut Reiser, and Thomas Schaaf. "ISO/IEC 27001 – Spezifikationen und Mindestanforderungen." In Praxisbuch ISO/IEC 27001, 35–71. München: Carl Hanser Verlag GmbH & Co. KG, 2019. http://dx.doi.org/10.3139/9783446462762.004.

8

Brenner, Michael, Nils gentschen Felde, Wolfgang Hommel, Stefan Metzger, Helmut Reiser, and Thomas Schaaf. "Abdruck der DIN ISO/IEC 27001." In Praxisbuch ISO/IEC 27001, 193–229. München: Carl Hanser Verlag GmbH & Co. KG, 2019. http://dx.doi.org/10.3139/9783446462762.009.

9

Brenner, Michael, Nils gentschen Felde, Wolfgang Hommel, Stefan Metzger, Helmut Reiser, and Thomas Schaaf. "ISO/IEC 27001 – Spezifikationen und Mindestanforderungen." In Praxisbuch ISO/IEC 27001, 29–62. München: Carl Hanser Verlag GmbH & Co. KG, 2017. http://dx.doi.org/10.3139/9783446452602.004.

10

Brenner, Michael, Nils gentschen Felde, Wolfgang Hommel, Stefan Metzger, Helmut Reiser, and Thomas Schaaf. "Einführung und Basiswissen." In Praxisbuch ISO/IEC 27001, 1–11. München: Carl Hanser Verlag GmbH & Co. KG, 2019. http://dx.doi.org/10.3139/9783446462762.001.


Conference papers on the topic "IEC 27004"

1

Watson, Venesa, Edita Bajramovic, Xinxin Lou, and Karl Waedt. "Example of Graded and Lifecycle Phase-Specific Security Controls for Nuclear I&C and EPS Use Cases." In 2018 26th International Conference on Nuclear Engineering. American Society of Mechanical Engineers, 2018. http://dx.doi.org/10.1115/icone26-81601.

Abstract:
Working Group WGA9 of IEC SC45A (Nuclear I&C and ES) has recently completed a further working draft (WD) of the new IEC 63096 (unpublished) standard, aptly entitled Nuclear Power Plants – Instrumentation, Control and Electrical Systems – Security Controls. IEC 63096 specifically focuses on the selection and application of computer security controls for computer-based I&C and ES systems. This standard follows the commonly accepted ISO/IEC 27000 series security objectives of confidentiality, integrity and availability, and borrows and expands the objectives and implementation guidance from ISO/IEC 27002, while considering recommendations on sector-specific standards by ISO/IEC 27009. In addition, this guidance introduces a security grading, as well as lifecycle phase-specific controls. The grading aligns with the stringency of security controls, starting with Baseline Requirements (BR), Security Degree S3 and up to S1 (from lowest to highest degree). The lifecycle phase concerns the I&C development (D), project engineering (E) and operation and maintenance phases (O). This paper applies a sub-clause of IEC 63096 clause 15 (Supplier Relationships) to a programmable logic controller (PLC) that is typically used in power plants, to show the intended use of this standard and how it complements the highest safety requirements in power plants. The Supplier Relationship clause concerns topics related to supply chain security, and is used to develop a use case example for the PLC. This example demonstrates how the controls and security degrees fit the implementation guidance from ISO/IEC 27002 and how they can be methodically applied to an I&C system.
2

"ISO/IEC 15504 BEST PRACTICES TO FACILITATE ISO/IEC 27000 IMPLEMENTATION." In International Conference on Evaluation of Novel Approaches to Software Engineering. SciTePress - Science and Technology Publications, 2010. http://dx.doi.org/10.5220/0003001001920198.

3

Alencar, Gliner Dias, and Hermano Perrelli de Moura. "MODELO DE MATURIDADE PARA SEGURANÇA DA INFORMAÇÃO: UMA PROPOSTA BASEADA NA ISO/IEC 27001 e 27002 ADERENTE AOS PRINCÍPIOS DA GOVERNANÇA ÁGIL." In 14th CONTECSI International Conference on Information Systems and Technology Management. TECSI, 2017. http://dx.doi.org/10.5748/9788599693131-14contecsi/doc-4959.

4

Leitner, Alexander, and Ingrid Schaumuller-Bichl. "ARiMA - A New Approach to Implement ISO/IEC 27005." In 2009 2nd International Symposium on Logistics and Industrial Informatics (LINDI 2009). IEEE, 2009. http://dx.doi.org/10.1109/lindi.2009.5258624.

5

AlKilani, Hamzeh, and Abdallah Qusef. "OSINT Techniques Integration with Risk Assessment ISO/IEC 27001." In DATA'21: International Conference on Data Science, E-learning and Information Systems 2021. New York, NY, USA: ACM, 2021. http://dx.doi.org/10.1145/3460620.3460736.

6

Sussy, Bayona, Chauca Wilber, Lopez Milagros, and Maldonado Carlos. "ISO/IEC 27001 implementation in public organizations: A case study." In 2015 10th Iberian Conference on Information Systems and Technologies (CISTI). IEEE, 2015. http://dx.doi.org/10.1109/cisti.2015.7170355.

7

Iqbal, Ahmad, Daisuke Horie, Yuichi Goto, and Jingde Cheng. "A Database System for Effective Utilization of ISO/IEC 27002." In 2009 Fourth International Conference on Frontier of Computer Science and Technology (FCST). IEEE, 2009. http://dx.doi.org/10.1109/fcst.2009.88.

8

"A GAP ANALYSIS TOOL FOR SMES TARGETING ISO/IEC 27001 COMPLIANCE." In 12th International Conference on Enterprise Information Systems. SciTePress - Science and Technology Publications, 2010. http://dx.doi.org/10.5220/0002865504130416.

9

"A Comparative Review of Cloud Security Proposals with ISO/IEC 27002." In International Workshop on Security in Information Systems. SciTePress - Science and Technology Publications, 2011. http://dx.doi.org/10.5220/0003546900030012.

10

Fenz, Stefan, Gernot Goluch, Andreas Ekelhar, Bernhard Riedl, and Edgar Weippl. "Information Security Fortification by Ontological Mapping of the ISO/IEC 27001 Standard." In 13th Pacific Rim International Symposium on Dependable Computing (PRDC 2007). IEEE, 2007. http://dx.doi.org/10.1109/prdc.2007.29.


Reports on the topic "IEC 27004"

1

Health hazard evaluation report: HETA-97-0107-2700, ADI Systems, Inc., Salina, Kansas. U.S. Department of Health and Human Services, Public Health Service, Centers for Disease Control and Prevention, National Institute for Occupational Safety and Health, July 1998. http://dx.doi.org/10.26616/nioshheta9701072700.
