Search results for "Security controls"
showing 4 items of 4 documents
Aligning Two Specifications for Controlling Information Security
2014
Assuring information security is a necessity in modern organizations. Many recommendations for information security management exist, which can be used to define a baseline of information security requirements. ISO/ IEC 27001 prescribes a process for an information security management system, and guidance to implement security controls is provided in ISO/IEC 27002. Finnish National Security Auditing Criteria (KATAKRI) has been developed by the national authorities in Finland as a tool to verify maturity of information security practices. KATAKRI defines both security control objectives and security controls to meet an objective. Here the authors compare and align these two specifications in…
Security Controls for Smart Buildings with Shared Space
2022
In this paper we consider cyber security requirements of the smart buildings. We identify cyber risks, threats, attack scenarios, security objectives and related security controls. The work was done as a part of a smart building design and construction work. From the controls identified w e concluded security practices for engineering-in smart buildings security. The paper provides an idea toward which system security engineers can strive in the basic design and implementation of the most critical components of the smart buildings. The intent of the concept is to help practitioners to avoid ad hoc approaches in the development of security mechanisms for smart buildings with shared space. pe…
Tailorable Representation of Security Control Catalog on Semantic Wiki
2018
Selection of security controls to be implemented is an essential part of the information security management process in an organization. There exist a number of readily available information security management system standards, including control catalogs, that could be tailored by the organizations to meet their security objectives. Still, it has been noted that many organizations tend to lack even the implementation of the fundamental security controls. At the same time, semantic wikis have become popular collaboration and information sharing platforms that have proven their strength as an effective way to distribute domain-specific information within an organization. This paper evaluates…
Supporting Cyber Resilience with Semantic Wiki
2016
Cyber resilient organizations, their functions and computing infrastructures, should be tolerant towards rapid and unexpected changes in the environment. Information security is an organization-wide common mission; whose success strongly depends on efficient knowledge sharing. For this purpose, semantic wikis have proved their strength as a flexible collaboration and knowledge sharing platforms. However, there has not been notable academic research on how semantic wikis could be used as information security management platform in organizations for improved cyber resilience. In this paper, we propose to use semantic wiki as an agile information security management platform. More precisely, t…