Instytucjonalizacja i standaryzacja zarzadzania ryzykiem w systemie bezpieczenstwa informacji w przedsiebiorstwie
INSTITUTIONALIZATION AND STANDARDIZATION OF INFORMATION SECURITY RISK MANAGEMENT IN ENTERPRISE

Author(s): Artur Rot
Subject(s): Economy
Published by: Wydawnictwo Uniwersytetu Ekonomicznego we Wrocławiu
Keywords: RISK MANAGEMENT; SECURITY OF INFORMATION SYSTEMS; ISO/IEC STANDARDS; COBIT

Summary/Abstract: Modern information systems are often complex, heterogeneous and dynamic. Technological progress and widespread use of information systems in business generate dependencies that cause the increase of diversity, complexity, uncertainty and the amount of risk factors. Therefore risk management, focusing on finding the optimal relationship between the risks and the cost of security issues, becomes increasingly important. Risk cannot be completely avoided, so it must be properly managed. Therefore organizations should implement standards, guidelines and best practices. The article presents selected standards concerning a very rapidly developing area which is information security risk management in an organization. The major ISO/IEC standards and selected best practices in this area are presented.

  • Issue Year: 2011
  • Issue No: 19
  • Page Range: 164-178
  • Page Count: 15
  • Language: Polish