Review article

https://doi.org/10.31306/s.64.2.4

Three-dimensional model of information security process management

Marko Bešker; Oskar, Centar za razvoj i kvalitetu d.o.o., Zagreb, Croatia
Anita Bešker; Oskar, Centar za razvoj i kvalitetu d.o.o., Zagreb, Croatia
Nataša Markulin Grgić; INA d.d., Zagreb, Croatia


Full text: Croatian, PDF, 644 Kb

pp. 143-149


Abstract

The paper presents an approach to risk-based information security management and multivariate analysis with defined criteria and an emphasis on preventive and proactive management of business risks.
The security of a management system depends directly on managing the risks of the business. For these reasons, ISO 9000:2015 defines risk as the effect of uncertainty, i.e. a deviation from what is expected, in a positive or negative sense, which means the degree of achievement of the business objectives. ISO 9001:2015 primarily requires that the risks of a business be managed preventively, but it does not prescribe which management methods and models to use. ISO 31000 (Risk Management Systems), on the other hand, advocates proactive management of business risks and information in addition to preventive management. This requirement is well justified because it makes it possible to react in a timely manner to the occurrence of any information threats. The preconditions for effective implementation of a risk-based management approach are additional management skills and the availability of tools (software) for multivariate risk analysis.

Keywords

information security management, risk-based management, business risk management, preventively manage risks, proactively manage risks

Hrčak ID:

280054

URI

https://hrcak.srce.hr/280054

Publication date:

6.7.2022.
