Considerations on the implementation steps for an information security management system

Open Access | Jun 2018

Language: English
Page range: 476 - 485
Published on: Jun 15, 2018
Published by: Bucharest University of Economic Studies
In partnership with: Paradigm Publishing Services
Publication frequency: 1 issue per year

© 2018 Răzvan Cristian Ionescu, Ioana Ceaușu, Cristian Ilie, published by Bucharest University of Economic Studies
This work is licensed under the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 License.