Academic literature on the topic 'ISO/IEC 27004'
Journal articles on the topic "ISO/IEC 27004"
Winarni, Ade. "Penilaian Tingkat Efektivitas Penerapan Keamanan Sistem Informasi Menggunakan Iso/Iec 27004:2009 Dan Iso/Sni 27001:2009 (Studi." Jurnal Bangkit Indonesia 5, no. 2 (October 31, 2016): 90. http://dx.doi.org/10.52771/bangkitindonesia.v5i2.77.
Aldya, A. P., S. Sutikno, and Y. Rosmansyah. "Measuring effectiveness of control of information security management system based on SNI ISO/IEC 27004: 2013 standard." IOP Conference Series: Materials Science and Engineering 550 (August 23, 2019): 012020. http://dx.doi.org/10.1088/1757-899x/550/1/012020.
Disterer, Georg. "ISO/IEC 27000, 27001 and 27002 for Information Security Management." Journal of Information Security 04, no. 02 (2013): 92–100. http://dx.doi.org/10.4236/jis.2013.42011.
Diamantopoulou, Vasiliki, Aggeliki Tsohou, and Maria Karyda. "From ISO/IEC27001:2013 and ISO/IEC27002:2013 to GDPR compliance controls." Information & Computer Security 28, no. 4 (June 8, 2020): 645–62. http://dx.doi.org/10.1108/ics-01-2020-0004.
ال فيحان, اثير عبد الهادي, and عامر حمدي عبد غريب. "تقييم نظام أدارة امن المعلومات في الهيئة العراقية للحاسبات والمعلوماتية على وفق المواصفة الدولية (ISO/IEC 27001:2013." Journal of Economics and Administrative Sciences 21, no. 86 (December 1, 2015): 1. http://dx.doi.org/10.33095/jeas.v21i86.764.
Sugianto, Anindya Dwi Lestari, Febriliyan Samopa, and Hanim Maria Astuti. "PENILAIAN DAN KONTROL RISIKO TERHADAP INFRASTRUKTUR DAN KEAMANAN INFORMASI BERDASARKAN STANDAR ISO/IEC 27001:2013 (STUDI KASUS: INSTITUT TEKNOLOGI SEPULUH NOPEMBER)." Sebatik 24, no. 1 (June 18, 2020): 96–101. http://dx.doi.org/10.46984/sebatik.v24i1.910.
Mauladani, Furqon, and Daniel Oranova Siahaan. "Perancangan SMKI Berdasarkan SNI ISO/IEC27001:2013 dan SNI ISO/IEC27005:2013 (Studi Kasus DPTSI-ITS)." CSRID (Computer Science Research and Its Development Journal) 10, no. 1 (March 27, 2018): 32. http://dx.doi.org/10.22303/csrid.10.1.2018.32-43.
Choi, Ju-Young, Eun-Jung Choi, and Myuhng-Joo Kim. "A Comparison Study between Cloud Service Assessment Programs and ISO/IEC 27001:2013." Journal of Digital Policy and Management 12, no. 1 (January 28, 2014): 405–14. http://dx.doi.org/10.14400/jdpm.2014.12.1.405.
Hermawan, Wawan. "Perancangan Manajemen Risiko Keamanan Informasi pada Penyelenggara Sertifikasi Elektronik (PSrE)." Jurnal Telekomunikasi dan Komputer 9, no. 2 (August 31, 2019): 129. http://dx.doi.org/10.22441/incomtech.v9i2.6474.
Jendrian, Kai. "Der Standard ISO/IEC 27001:2013." Datenschutz und Datensicherheit - DuD 38, no. 8 (August 2014): 552–57. http://dx.doi.org/10.1007/s11623-014-0182-x.
Dissertations / Theses on the topic "ISO/IEC 27004"
Garay, Daniel Felipe Carnero, Antonio Carbajal Ramos Marcos, Jimmy Armas-Aguirre, and Juan Manuel Madrid Molina. "Information security risk management model for mitigating the impact on SMEs in Peru." IEEE Computer Society, 2020. http://hdl.handle.net/10757/656577.
This paper proposes an information security risk management model that allows mitigating the threats to which SMEs in Peru are exposed. According to studies by Ernst Young, 90% of companies in Peru are not prepared to detect security breaches, and 51% have already been attacked. In addition, according to Deloitte, only 10% of companies maintain risk management indicators. The model consists of 3 phases: 1. Inventory the information assets of the company, to conduct the risk analysis of each one; 2. Evaluate the treatment that should be given to each risk; 3. Once the controls are implemented, design indicators to help monitor the implemented safeguards. The article focuses on the creation of a model that integrates a standard of risk management across the company with a standard of IS indicators to validate compliance, adding as a contribution the results of implementation in a specific environment. The proposed model was validated in a pharmaceutical SME in Lima, Peru. The results showed a 71% decrease in risk, after applying 15 monitoring and training controls, lowering the status from a critical level to an acceptable level between 1.5 and 2.3, according to the given assessment.
Peer reviewed
Palička, Jan. "Systémové řešení bezpečnosti informací v organizaci." Master's thesis, Vysoké učení technické v Brně. Fakulta podnikatelská, 2017. http://www.nusl.cz/ntk/nusl-316954.
Santos, Valdeci Otacilio dos. "Um modelo de sistema de gestão da segurança da informação baseado nas normas ABNT NBR ISO/IEC 27001:2006, 27002:2005 e 27005:2008." [s.n.], 2012. http://repositorio.unicamp.br/jspui/handle/REPOSIP/259797.
Dissertation (master's) - Universidade Estadual de Campinas, Faculdade de Engenharia Elétrica e de Computação
Abstract: The steady growth of threats and vulnerabilities in information systems causes an intensified concern among administrators about the security of these systems. In search of an appropriate level of information security, laws and regulations that deal with this important issue are being created and improved, not only in Brazil but worldwide. This work aims to propose a model of an information security management system, with process modeling and description of activities, covering the main guidelines recommended in the standards ABNT NBR ISO/IEC 27001:2006, 27002:2005 and 27005:2008. The proposed model aims to guide the implementation of a new system for managing information security in an organization or to verify the conformity of an existing system. The work includes a practical application of the proposed model, in which a survey was carried out on the level of adherence of the activities performed in the various processes that comprise an information security management system within an organization to what is envisaged in the model and, consequently, in the standards used as reference. In assessing the results of the verification carried out, it was possible to obtain an overview of the situation in which the information security management of the organization finds itself, as well as to verify the points that are in accordance with the norms and those that need improvement.
Master's degree
Telecommunications and Telematics
Master in Electrical Engineering
Kryštof, Tomáš. "Návrh na zavedení nutných oblastí ISMS na základní škole." Master's thesis, Vysoké učení technické v Brně. Fakulta podnikatelská, 2016. http://www.nusl.cz/ntk/nusl-241476.
Vyhňák, Petr. "Návrh zavedení bezpečnostních opatření v souladu s ISMS pro společnost." Master's thesis, Vysoké učení technické v Brně. Fakulta podnikatelská, 2019. http://www.nusl.cz/ntk/nusl-402086.
Soukop, Tomáš. "Systém pro podporu auditu managementu informační bezpečnosti." Master's thesis, Vysoké učení technické v Brně. Fakulta informačních technologií, 2012. http://www.nusl.cz/ntk/nusl-236503.
Al-Botani, Nidaa. "Informationssäkerhet i organisationer - Utvärdering av Folktandvårdens informationssäkerhet inom Region Jönköpings län." Thesis, Tekniska Högskolan, Högskolan i Jönköping, JTH, Data- och elektroteknik, 2015. http://urn.kb.se/resolve?urn=urn:nbn:se:hj:diva-28245.
Information today is a valuable resource for organizations, which become more and more dependent on their information systems. Information is subject to various threats and needs to be protected in order that organizations can effectively run their business. Systematic information security helps organizations to achieve and maintain a sufficient level of information security. The study aims to investigate how information is managed within organizations in general. A case study has been performed in Folktandvården (the Public Dental Service), Region Jönköping County to investigate how the organization handles information security. In addition, the study aims to evaluate awareness of information security among employees at the business and to present proposals on how to improve handling of personal data. Mixed techniques have been used to gather information. Literature studies in the field of information security have been carried out. The empirical data were collected through a questionnaire, interviews and written questions sent by e-mail to managers in Folktandvården. This study uses the standards SS-ISO/IEC 27001:2014 and SS-ISO/IEC 27002:2014 to evaluate the information in Folktandvården, Region Jönköping County and to get a picture of how information is managed within organizations. Organizations can maintain the security of their information by implementing an information security management system (ISMS) that preserves the confidentiality, integrity and availability of information. Information security and ISMS application differs between organizations, which could be affected by the organization's needs and goals, size and structure. Case study results show that Folktandvården, Region Jönköping County implements an active management of information. The organization manages most of the specifications in the standards. However, this study proposes to organize more training programs for information security awareness. These programs should be updated regularly in order to continue to be in line with organizational policies and procedures. It is recommended that the organization performs information classification fully in accordance with the model it has. Additionally, it is recommended to develop the planning of continuity for information. The results from the questionnaire show that the employees are aware of how they handle information security incidents and they think that the systems are available for authorized access. Several of the proposals presented by this study have been heeded and will lead to further work in Folktandvården. Organizations' personal information should be protected by applying the rules in accordance with applicable regulations. A responsible person in the organization should provide guidance to employees about their responsibility for the handling of personal data.
Alila, Patrick. "Complementing network security to the ISO/IEC 27000 standard." Thesis, Linköpings universitet, Institutionen för teknik och naturvetenskap, 2007. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-96298.
Ljunggren, Viktor, and Emil Freid. "Effekterna av en ISO/IEC 27001-certifiering : Upplevda förändringar bland små svenska organisationer." Thesis, Tekniska Högskolan, Jönköping University, JTH, Datateknik och informatik, 2020. http://urn.kb.se/resolve?urn=urn:nbn:se:hj:diva-49716.
Society today is more connected and handles more information than ever before. The information is handled to a greater extent by IT systems, where the requirements for secure information management have increased. To manage this increase in information flow, organizations can implement an information security management system (ISMS). It takes both time and resources to design and implement an ISMS. For this investment to be profitable, it should also provide additional value for companies. In order to standardize and specify the structure of ISMS, ISO/IEC 27001 (Standard for ISMS) has been developed and implemented by companies all over the world. The purpose of this study is to identify the changes that an ISO/IEC 27001-certification leads to for small organisations in Sweden. An interview study has been conducted and semi-structured interviews have been used for data collection. Based on the collected empirical evidence, six categories have been identified and described thematically for each informant. The study shows that organisations get a better process and control over information security and a strengthened information security culture. In addition, information security is said to have improved among organisations through various security measures. In addition, communications with customers have been simplified, whenever information security is discussed. The study examines the impact of ISO/IEC 27001-certification on four organisations, in order to ensure diversity of the empirical evidence collected. This was done with one informant per organisation, with an overview of both the organisation and the certification. The study examines organisations that are already certified, since the organisation needs to have implemented the ISO/IEC 27001 standard. Neither the certification process, the security measures, the implementation nor the application of the management system have been investigated in this study.
Coetzer, Christo. "An investigation of ISO/IEC 27001 adoption in South Africa." Thesis, Rhodes University, 2015. http://hdl.handle.net/10962/d1018669.
Books on the topic "ISO/IEC 27004"
Brenner, Michael, Nils gentschen Felde, Wolfgang Hommel, Stefan Metzger, Helmut Reiser, and Thomas Schaaf. Praxisbuch ISO/IEC 27001. München: Carl Hanser Verlag GmbH & Co. KG, 2011. http://dx.doi.org/10.3139/9783446430563.
Kersten, Heinrich. IT-Sicherheitsmanagement nach ISO 27001 und Grundschutz: Der Weg zur Zertifizierung. Wiesbaden: Vieweg, 2008.
Information security policy development for compliance: ISO/IEC 27001, NIST SP 800-53, HIPAA standard, PCI DSS V2.0, and AUP V5.0. Boca Raton, FL: CRC Press, Taylor & Francis Group, 2013.
Implementing the ISO/IEC 27001 Information Security Management System Standard. Artech House Publishers, 2007.
Humphreys, Ted, and Angelika Plate. Measuring the Effectiveness of Your ISMS Implementations Based on ISO/IEC 27001. BSI Standards, 2006.
Book chapters on the topic "ISO/IEC 27004"
Klipper, Sebastian. "ISO/IEC 27005." In Information Security Risk Management, 59–96. Wiesbaden: Springer Fachmedien Wiesbaden, 2015. http://dx.doi.org/10.1007/978-3-658-08774-6_3.
Klipper, Sebastian. "ISO/IEC 27005." In Information Security Risk Management, 63–97. Wiesbaden: Vieweg+Teubner, 2011. http://dx.doi.org/10.1007/978-3-8348-9870-8_3.
Brenner, Michael, Nils gentschen Felde, Wolfgang Hommel, Stefan Metzger, Helmut Reiser, and Thomas Schaaf. "Zertifizierungsmöglichkeiten nach ISO/IEC 27000." In Praxisbuch ISO/IEC 27001, 163–74. München: Carl Hanser Verlag GmbH & Co. KG, 2019. http://dx.doi.org/10.3139/9783446462762.007.
Brenner, Michael, Nils gentschen Felde, Wolfgang Hommel, Stefan Metzger, Helmut Reiser, and Thomas Schaaf. "Begriffsbildung nach ISO/IEC 27000." In Praxisbuch ISO/IEC 27001, 175–91. München: Carl Hanser Verlag GmbH & Co. KG, 2019. http://dx.doi.org/10.3139/9783446462762.008.
Brenner, Michael, Nils gentschen Felde, Wolfgang Hommel, Stefan Metzger, Helmut Reiser, and Thomas Schaaf. "Zertifizierungsmöglichkeiten nach ISO/IEC 27000." In Praxisbuch ISO/IEC 27001, 145–55. München: Carl Hanser Verlag GmbH & Co. KG, 2017. http://dx.doi.org/10.3139/9783446452602.007.
Brenner, Michael, Nils gentschen Felde, Wolfgang Hommel, Stefan Metzger, Helmut Reiser, and Thomas Schaaf. "Begriffsbildung nach ISO/IEC 27000." In Praxisbuch ISO/IEC 27001, 157–238. München: Carl Hanser Verlag GmbH & Co. KG, 2017. http://dx.doi.org/10.3139/9783446452602.008.
Brenner, Michael, Nils gentschen Felde, Wolfgang Hommel, Stefan Metzger, Helmut Reiser, and Thomas Schaaf. "ISO/IEC 27001 – Spezifikationen und Mindestanforderungen." In Praxisbuch ISO/IEC 27001, 35–71. München: Carl Hanser Verlag GmbH & Co. KG, 2019. http://dx.doi.org/10.3139/9783446462762.004.
Brenner, Michael, Nils gentschen Felde, Wolfgang Hommel, Stefan Metzger, Helmut Reiser, and Thomas Schaaf. "Abdruck der DIN ISO/IEC 27001." In Praxisbuch ISO/IEC 27001, 193–229. München: Carl Hanser Verlag GmbH & Co. KG, 2019. http://dx.doi.org/10.3139/9783446462762.009.
Brenner, Michael, Nils gentschen Felde, Wolfgang Hommel, Stefan Metzger, Helmut Reiser, and Thomas Schaaf. "ISO/IEC 27001 – Spezifikationen und Mindestanforderungen." In Praxisbuch ISO/IEC 27001, 29–62. München: Carl Hanser Verlag GmbH & Co. KG, 2017. http://dx.doi.org/10.3139/9783446452602.004.
Brenner, Michael, Nils gentschen Felde, Wolfgang Hommel, Stefan Metzger, Helmut Reiser, and Thomas Schaaf. "Die Standardfamilie ISO/IEC 27000 im Überblick." In Praxisbuch ISO/IEC 27001, 13–22. München: Carl Hanser Verlag GmbH & Co. KG, 2019. http://dx.doi.org/10.3139/9783446462762.002.
Conference papers on the topic "ISO/IEC 27004"
Watson, Venesa, Edita Bajramovic, Xinxin Lou, and Karl Waedt. "Example of Graded and Lifecycle Phase-Specific Security Controls for Nuclear I&C and EPS Use Cases." In 2018 26th International Conference on Nuclear Engineering. American Society of Mechanical Engineers, 2018. http://dx.doi.org/10.1115/icone26-81601.
"ISO/IEC 15504 BEST PRACTICES TO FACILITATE ISO/IEC 27000 IMPLEMENTATION." In International Conference on Evaluation of Novel Approaches to Software Engineering. SciTePress - Science and Technology Publications, 2010. http://dx.doi.org/10.5220/0003001001920198.
Leitner, Alexander, and Ingrid Schaumuller-Bichl. "ARiMA - A New Approach to Implement ISO/IEC 27005." In 2009 2nd International Symposium on Logistics and Industrial Informatics (LINDI 2009). IEEE, 2009. http://dx.doi.org/10.1109/lindi.2009.5258624.
AlKilani, Hamzeh, and Abdallah Qusef. "OSINT Techniques Integration with Risk Assessment ISO/IEC 27001." In DATA'21: International Conference on Data Science, E-learning and Information Systems 2021. New York, NY, USA: ACM, 2021. http://dx.doi.org/10.1145/3460620.3460736.
Bejtullahu, Driton S., Edmond Hajrizi, and Naim Preniqi. "Benefits of Implementation of the Systems Management Systems Standards in Kosovo (ISO 9001, ISO / IEC 27001 and ISO / IEC 20000)." In University for Business and Technology International Conference. Pristina, Kosovo: University for Business and Technology, 2018. http://dx.doi.org/10.33107/ubt-ic.2018.199.
Sussy, Bayona, Chauca Wilber, Lopez Milagros, and Maldonado Carlos. "ISO/IEC 27001 implementation in public organizations: A case study." In 2015 10th Iberian Conference on Information Systems and Technologies (CISTI). IEEE, 2015. http://dx.doi.org/10.1109/cisti.2015.7170355.
Iqbal, Ahmad, Daisuke Horie, Yuichi Goto, and Jingde Cheng. "A Database System for Effective Utilization of ISO/IEC 27002." In 2009 Fourth International Conference on Frontier of Computer Science and Technology (FCST). IEEE, 2009. http://dx.doi.org/10.1109/fcst.2009.88.
"A GAP ANALYSIS TOOL FOR SMES TARGETING ISO/IEC 27001 COMPLIANCE." In 12th International Conference on Enterprise Information Systems. SciTePress - Science and Technology Publications, 2010. http://dx.doi.org/10.5220/0002865504130416.
"A Comparative Review of Cloud Security Proposals with ISO/IEC 27002." In International Workshop on Security in Information Systems. SciTePress - Science and Technology Publications, 2011. http://dx.doi.org/10.5220/0003546900030012.
Alencar, Gliner Dias, and Hermano Perrelli de Moura. "MODELO DE MATURIDADE PARA SEGURANÇA DA INFORMAÇÃO: UMA PROPOSTA BASEADA NA ISO/IEC 27001 e 27002 ADERENTE AOS PRINCÍPIOS DA GOVERNANÇA ÁGIL." In 14th CONTECSI International Conference on Information Systems and Technology Management. TECSI, 2017. http://dx.doi.org/10.5748/9788599693131-14contecsi/doc-4959.