DOI: https://doi.org/10.20535/2411-1031.2017.5.1.120580

Analysis of cyber security risk management documents

Yuliia Kozhedub

Abstract


The article provides an analysis of the latest documents on risk management. The research of modern standards shows that their attention is focused on risks, as it was initiated in the standards of the management systems of the International Organization for Standardization. The significance of this work is of a since developments in this area were laid as the basis for the creation of different kinds of documents that they offer to different countries and organizations for implementation in the activities for information security and cybersecurity. The article proposes to consider complex documents developed for the work of the risk manager for information security and cyber security. The toolkit model is based on the core, which is defined by normative documents as a risk management process. Regulatory documents defining the process of risk management are fundamental standards that standardize the concept of “risk” and this is the starting point for managers of all units who understand the importance of risk management. The article reflects the development of scientific thought about the terminology apparatus and the scientific approach to a meaningful understanding of the importance of the risk management process. The article analyzes documents developed by international and national organizations for assistance in the work of risk managers. In addition to the study within the scope of this article, other documents that are detailed instructions for risk managers in the field of information security and cyber security activities are reflected.


Keywords


Management, manager, normative documents, risk, standards.

References


Neil Robinson "Changing approaches to cyber defense", NATO Review. [Online]. Available: http://www.nato.int/docu/review/2016/Also-in-2016/cyber-defense-nato-security-role/UK/index.html. Accessed on: March 15, 2017.

Cabinet of Ministers of Ukraine. Order of from 10.03.2017 № 155-р of “About of the solidification of the plan for the coming years 2017 from realization of Strategy of cybersecurity of Ukraine”. [Online]. Available: http://www.kmu.gov.ua/control/uk/cardnpd?docid= 249807504. Accessed on: March 25, 2017.

International Organization for Standardization. International Standard “ISO/IEC 27032:2012 Information technology – Security techniques – Guidelines for cybersecurity”. [Online]. Available: https://www.iso.org/obp/ui/#iso:std:iso-iec:27032:ed-1:v1:en. Accessed on: March 20, 2017.

International Organization for Standardization. International Standard “ISO 31000:2009 Risk management – Principles and guidelines”. [Online]. Available: https://www.iso.org/standard/ 43170.html. Accessed on: March 20, 2017.

International Organization for Standardization. International Standard "ISO Guide 73:2009 Risk management – Vocabulary”. [Online]. Available: https://www.iso.org/standard/ 44651.html. Accessed on: March 20, 2017.

“The Australian Customs Service as an innovative platform in the development of international standards for the application of customs risk management systems”. [Online]. Available: http://have-right/ombudsman/645-australian-customs-service.html. Accessed on: March 20, 2017.

National Institute of Standards and Technology. Computer Security Division. Information Technology Laboratory. “Risk Management Framework”. [Online]. Available: http://csrc.nist.gov/groups/SMA/fisma/Risk-Management-Framework/index.html. Accessed on: March 20, 2017.

National Institute of Standards and Technology. “Federal Information Processing Standards (FIPS)”. [Online]. Available: http://csrc.nist.gov/publications/PubsFIPS.html. Accessed on: March 20, 2017.

National Institute of Standards and Technology. “NIST Special Publication”. [Online]. Available: http://csrc.nist.gov/publications/PubsSPs.html. Accessed on: March 20, 2017.

International Organization for Standardization. International Standard “ISO/IEC 27005:2011 Information technology – Security techniques – Information security risk management”. [Online]. Available: https://www.iso.org/standard/56742.html. Accessed on: March 20, 2017.

International Organization for Standardization. “Electronic card of standard ISO/IEC 27005:2011 Information technology. Security techniques. Information security risk management”. [Online]. Available: https://www.iso.org/search/x/query/27005. Accessed on: March 20, 2017.

NOI INTUIT. Lecture course. “COBIT 5 – What’s New?”. [Online]. Available: http://www.intuit.ru/studies/courses/3704/946/lecture/15117?page=1,2. Accessed on: March 20, 2017.

ISACA. Main Page. [Online]. Available: https://www.isaca.org/pages/default.aspx. Accessed on: March 20, 2017.

International Forum for Accreditation (IAF). “Multilateral agreement on the recognition of the IAF (MLA)”. [Online]. Available: Офіційна веб-сторінка. – Режим доступу: http://www.iaf.nu/upFiles/IAF_MLA_Russian.pdf. Accessed on: March 27, 2017.

International Organization for Standardization. International Standard “ISO 19011:2011 Guidelines for auditing management systems”. [Online]. Available: https://www.iso.org/ standard/50675.html. Accessed on: March 22, 2017.

International Organization for Standardization. International Standard “ISO/IEC 27007:2011 Information technology. Security techniques. Guidelines for information security management systems auditing”. [Online]. Available: https://www.iso.org/standard/42506.html. Accessed on: March 24, 2017.

ISACA. “What is COBIT 5? It's the leading framework for the governance and management of enterprise IT”. [Online]. Available: http://www.isaca.org/cobit/pages/default.aspx. Accessed on: March 28, 2017.




Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 International License.

ISSN 2411-1031 (Print), ISSN 2518-1033 (Online)