Analysis of cyber security risk management documents

DOI: https://doi.org/10.20535/2411-1031.2017.5.1.120580

Keywords: management, manager, normative documents, risk, standards.

Abstract
The article provides an analysis of the latest documents on risk management. A review of modern standards shows that their attention is focused on risk, as was initiated in the management system standards of the International Organization for Standardization. This work is significant because developments in this area have been laid as the basis for the creation of various documents that are offered to different countries and organizations for implementation in information security and cybersecurity activities. The article proposes to consider a set of documents developed to support the work of the risk manager for information security and cyber security. The toolkit model is built around a core that normative documents define as the risk management process. The regulatory documents defining the risk management process are fundamental standards that standardize the concept of "risk", and this is the starting point for managers of all units who understand the importance of risk management. The article traces the development of scientific thought on the terminology and the scientific approach to a meaningful understanding of the importance of the risk management process. It analyzes documents developed by international and national organizations to assist risk managers in their work. Beyond the scope of this study, other documents that provide detailed instructions for risk managers in the field of information security and cyber security are also noted.
License
Copyright (c) 2020 Collection "Information technology and security"
This work is licensed under a Creative Commons Attribution 4.0 International License.
Authors who publish in this collection agree to the following terms:
- The authors retain authorship rights to their work and grant the collection the right of first publication. The work is licensed under the Creative Commons Attribution License, which allows others to freely distribute the published work with obligatory reference to the authors of the original work and to its first publication in this collection.
- The authors have the right to conclude agreements for the non-exclusive distribution of the work in the form in which it was published in this collection (for example, to place the work in an institutional digital repository or to publish it as part of a monograph), provided that reference is made to the first publication of the work in this collection.
- The journal's policy allows and encourages authors to post the manuscript of the work on the Internet (for example, in repositories or on personal web sites) before submitting it to the editor and during its editorial processing, since this contributes to productive scientific discussion and has a positive effect on the speed and dynamics of citation of the published work (see The Effect of Open Access).