Abstract
As risk managers and IT auditors, we are confronted with too many standards and types of certificates for information security and privacy protection (IS&PP). In the scope of Knowledge Management and Enrichment, a critical review has been performed, revealing that all of these standards and certifications use a common approach and that their assessments generally lead to a similar set of security measures.
In this paper, we derive the basics of some of these standards and revive the underlying scientific models. We explain the principles of IT risk management and the selection of an appropriate set of IS&PP measures with a single Cube, assisting risk managers and IT auditors in standardizing their work.
Original language | English |
---|---|
Title of host publication | Hawaii International Conference on System Sciences (HICSS) |
Publisher | Institute of Electrical and Electronics Engineers (IEEE) |
Pages | 4041-4050 |
Number of pages | 10 |
Publication status | Published - 5 Jan 2016 |