Developing an Information Security Management System for Libraries Based on an Improved Risk Analysis Methodology Compatible with ISO/IEC 27001

Capítulo de livro

Developing an Information Security Management System for Libraries Based on an Improved Risk Analysis Methodology Compatible with ISO/IEC 27001

2019; Springer Nature; Linguagem: Inglês

10.1007/978-3-030-32033-1_34

ISSN

2194-5357

Autores

María José Bravo Ramos, Sang Guun Yoo,

Tópico(s)

Information and Cyber Security

Resumo

This paper describes a new risk analysis methodology for libraries based on steps filtered from existing methodologies that are compatible with the ISO/IEC 27000: 2013 standard. After analyzing MAGERIT, OCTAVE and NIST 800-30 risk analysis methodologies, the most important steps were identified and those that do not fit in library type of organization were discarded. Once the methodology was created, it was tested through a real implementation in the Library system of a university to verify its benefits.

Ver no editor

Altmetric

PlumX

Entrar

Lembrar minha senha

Receber meu e-mail de confirmação

Developing an Information Security Management System for Libraries Based on an Improved Risk Analysis Methodology Compatible with ISO/IEC 27001