Instytucjonalizacja i standaryzacja zarzadzania ryzykiem w systemie bezpieczenstwa informacji w przedsiebiorstwie
INSTITUTIONALIZATION AND STANDARDIZATION OF INFORMATION SECURITY RISK MANAGEMENT IN ENTERPRISE
Author(s): Artur Rot
Subject(s): Economy
Published by: Wydawnictwo Uniwersytetu Ekonomicznego we Wrocławiu
Keywords: RISK MANAGEMENT; SECURITY OF INFORMATION SYSTEMS; ISO/IEC STANDARDS; COBIT
Summary/Abstract: Modern information systems are often complex, heterogeneous and dynamic. Technological progress and widespread use of information systems in business generate dependencies that cause the increase of diversity, complexity, uncertainty and the amount of risk factors. Therefore risk management, focusing on finding the optimal relationship between the risks and the cost of security issues, becomes increasingly important. Risk cannot be completely avoided, so it must be properly managed. Therefore organizations should implement standards, guidelines and best practices. The article presents selected standards concerning a very rapidly developing area which is information security risk management in an organization. The major ISO/IEC standards and selected best practices in this area are presented.
Journal: Informatyka Ekonomiczna
- Issue Year: 2011
- Issue No: 19
- Page Range: 164-178
- Page Count: 15
- Language: Polish