{"title":"Situational approach to information security","authors":"L. Astakhova, I. Zemtsov","doi":"10.1109/USBEREIT.2018.8384570","DOIUrl":null,"url":null,"abstract":"The article justifies the imperatives of applying the situational approach to information security management (ISM). We modified the model of the Information Security Management System (ISMS), which is the basis of ISO/IEC 27005:2011: we added the “Decision Making” stage after the “Determining the main criteria” step. The solution is to choose an approach to processing information security risks — their assessment, impact and taking — based on certain criteria. Using the developed algorithm, we implemented a cognitive software module of the information system management (ISM) in an educational institution. The use of the cognitive software module has significantly reduced the labor costs of specialists in the Information Security (IS) Department, including automation of the reporting procedures. The application of the situational approach allowed us to integrate a person into the automated system to ensure the cybersecurity of the educational sector.","PeriodicalId":176222,"journal":{"name":"2018 Ural Symposium on Biomedical Engineering, Radioelectronics and Information Technology (USBEREIT)","volume":"21 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2018-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2018 Ural Symposium on Biomedical Engineering, Radioelectronics and Information Technology (USBEREIT)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/USBEREIT.2018.8384570","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citation count: 2
Abstract
The article justifies the imperatives of applying the situational approach to information security management (ISM). We modified the model of the Information Security Management System (ISMS), which is the basis of ISO/IEC 27005:2011: we added the “Decision Making” stage after the “Determining the main criteria” step. The solution is to choose an approach to processing information security risks — their assessment, impact and taking — based on certain criteria. Using the developed algorithm, we implemented a cognitive software module of the information system management (ISM) in an educational institution. The use of the cognitive software module has significantly reduced the labor costs of specialists in the Information Security (IS) Department, including automation of the reporting procedures. The application of the situational approach allowed us to integrate a person into the automated system to ensure the cybersecurity of the educational sector.