抽象的

Risk Management for ISO 27005 Decision support

Hanane Bahtit, Boubker Regragui

The security of information systems focuses on raising the level of business security while aligning with its strategy and objectives. The family of ISO 2700x, whose theme is: Information technology - Security techniques, allows taking into account all of these security problems, by offering a pack of uniform and standards that respect the continuous improvement cycle PDCA. Being closely linked to the security of information systems, the risk management consists of assessing the uncertainty of the future to make the best decision possible today. Risk management and all decision processes fall within this problematic. The decision making on the Information security risk management requires taking into account an increasing amount of data of different types and qualities. As a result, risk managers increasingly use computers to provide powerful tools for decision support. The aim of this article is to make an overview of the ISO 2700x, focusing more particularly on the content of the ISO 27005 standard, dedicated to information security risk management. In this context, a UML modeling of the processes of ISO 27005 is presented as an improvement of this modeling by criteria and indicators that support the quality of decision making in various decision points. This is the vision of increasing the efficiency and effectiveness of decision making process.

免责声明: 此摘要通过人工智能工具翻译,尚未经过审核或验证

索引于

学术钥匙
研究圣经
引用因子
宇宙IF
参考搜索
哈姆达大学
世界科学期刊目录
学者指导
国际创新期刊影响因子(IIJIF)
国际组织研究所 (I2OR)
宇宙

查看更多