
Process security methods and measurement in the context of standard management systems

Open Access | Jul 2024

DOI: https://doi.org/10.2478/emj-2024-0019 | Journal eISSN: 2543-912X | Journal ISSN: 2543-6597
Language: English
Page range: 148 - 165
Submitted on: Oct 1, 2023
Accepted on: Mar 15, 2024
Published on: Jul 18, 2024
Published by: Bialystok University of Technology
In partnership with: Paradigm Publishing Services
Publication frequency: 4 times per year

© 2024 Agnes Kemendi, Pal Michelberger, published by Bialystok University of Technology
This work is licensed under the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 License.