
Review article

https://doi.org/10.31306/s.64.2.4

Three-dimensional model of information security process management

Marko Bešker ; Oskar, Centar za razvoj i kvalitetu d.o.o., Zagreb, Hrvatska
Anita Bešker ; Oskar, Centar za razvoj i kvalitetu d.o.o., Zagreb, Hrvatska
Nataša Markulin Grgić ; INA d.d., Zagreb, Hrvatska


Full text: Croatian PDF, 644 KB

Pages 143-149


Abstract

The paper presents an approach to risk-based information security management and multivariate analysis with defined criteria, with an emphasis on the preventive and proactive management of business risks.
The security of a management system depends directly on how the risks of the business are managed. For this reason, ISO 9000:2015 defines risk as the effect of uncertainty, i.e. a deviation from what is expected, in either a positive or a negative sense, which corresponds to the degree to which business objectives are achieved. ISO 9001:2015 primarily requires that business risks be managed preventively, but it does not prescribe which management methods and models are to be used. ISO 31000 (Risk Management Systems), on the other hand, additionally advocates the proactive management of business and information risks. This requirement is well justified because it allows a timely reaction to the emergence of any information threat. The preconditions for effective implementation of a risk-based management approach are additional management skills and the availability of tools (software) for multivariate risk analysis.

Keywords

information security management, risk-based management, business risk management, preventive risk management, proactive risk management

Hrčak ID: 280054

URI: https://hrcak.srce.hr/280054

Publication date: 6.7.2022.

Article data in other languages: Croatian