http://dx.doi.org/10.5762/KAIS.2010.11.2.703

A Study on Analysing Framework of Information Security Management Systems for Managing Business Risk  

Kim, Min-Sun (Department of Distribution Management, Hyupsung University)
Publication Information
Journal of the Korea Academia-Industrial cooperation Society / v.11, no.2, 2010, pp. 703-708
Abstract
Various information sources and the increasing vulnerabilities of information systems could increase the risks of a business. Successful management of business risk depends on an appropriate level of risk in the business. Business risk management would be conducted in terms of financial risk management and information security management. Financial management and information security management, however, could not achieve integrated business risk management. To develop integrated business risk management, this study analyzes various information security management systems such as ISMS, EA, ISO27001, COBIT, SPICE, and Auditing. It analyzes information security systems that could be utilized in developing business risk management.
Keywords
Business Risk Management; Information Security; Framework