A framework for the management of information security risks

BT Technology Journal

Volumn 25, Issue 1, 2007, Pages 30-36

  Jones, Andy ^a  

^a NONE

Author keywords

[No Author keywords available]

Indexed keywords

INFORMATION MANAGEMENT; RISK ASSESSMENT; RISK MANAGEMENT; SOCIETIES AND INSTITUTIONS;

INFORMATION SECURITY RISK; SECURITY RISK MANAGEMENT;

SECURITY OF DATA;

EID: 33947408114     PISSN: 13583948     EISSN: None     Source Type: Journal    
DOI: 10.1007/s10550-007-0005-9     Document Type: Article

References (9)

1. 'Information Security Risk Assessment (RA)' and 'system Security Plan (SSP) Guidance', Centres For Medicare & Medicaid Services (CMS).
2. The OSG Thessaly Assessment Framework.
3. NSA IAM - National Security Agency's INFOSEC Assessment Methodology.
4. 'Control Objectives for Information and Related Technology (COBIT)', The IT Governance Institute (ITGI).
5. 'FIRM Risk assessment Framework', Financial Services Authority (2003).
6. 'Enterprise Risk Management - Integrated Framework', Committee of Sponsoring Organizations of the Treadway Commission (COSO) (September 2004). 2004).
7. 'Operationally Critical Threat, Asset and Vulnerability Evaluation (OCTAVE)', Carnegie-Mellon University (2001) - www.cert.org/octave
8. BS ISO/IEC 27001:2005 (BS 7799-2:2005).
9. Jones A: 'Risk Framework for ICT Complete Security Management', BT Internal Document EX013506.