Journal of Information Technology Applications and Management

Korea Data Strategy Society (한국데이터전략학회)
권호 표지
DOI QR코드

DOI QR Code

A Continuous Evaluation Processes for Information Security Management

  • Received : 2016.06.22
  • Accepted : 2016.07.22
  • Published : 2016.09.30
Download PDF
⟨ Previous Next ⟩

Abstract

Growing information threats have threatened organization to lose information security controls in these days. Many organizations have accepted the various information security management systems does mention necessity of a continuous evaluation process for the executions of information security management in a theoretical aspect. This study suggests a continuous evaluation process for information security management reflecting the real execution of managers and employees in organizations.

Keywords

References

  1. Choi, M. and Park, E., "The Influences of Enterprise Management Strategy on Information Security Effectiveness", International Journal of Applied Engineering Research, Vol. 11, No. 15, 2016, pp. 8686-8694.
  2. Choi, M., "An Evaluation Methodology of Information Systems in Business Contingency Planning", Journal of Information Technology Application and Management, Vol. 23, No. 1, 2016, pp. 119-128. https://doi.org/10.21219/jitam.2016.23.1.119
  3. Choi, M., "Leadership of Information Security Manager on the Effectiveness of Information Systems Security for Secure Sustainable Computing", Substantiality, Vol. 8, No. 7, 2016, pp. 1-21.
  4. Department of Homeland Security, Continuous Asset Evaluation, Situational Awareness, and Risk Scoring Reference Architecture Report (CAESARS), 2010.
  5. Gilbert, G. A. and Gips, M. A., "SUPPLYSIDE CONTINGENCY PLANNING Contingency Planners Often Forget to Consider Key Elements of the Supply Chain", Security Management, Vol. 44, No. 3, 2000, pp. 70-75.
  6. Jo, S., Lee, Y., and Choi, M., "A Study on Factors Influencing Telecommunications Fraud : In the Case of Voice Phishing", Journal of Information Technology Service, Vol. 15, No. 2, 2016, pp. 35-49.
  7. NIST SP 800-37, Rev. 1, Guide for Applying the Risk Management Framework to Federal Information Systems : A System Life Cycle Approach, 2010.
  8. NIST SP 800-64, Rev. 2, Security Considerations in the System Development Life Cycle, 2008.
  9. NIST SP 800-64, Revision 2, Security Considerations in the System Development Life Cycle, 2008.
  10. Shaw, G. L. and Harrald, J. R., "Identification of the Core Competencies Required of Executive Level Business Crisis and Continuity Managers", Journal of Homeland Security and Emergency Management, Vol. 1, No. 1, 2004.