Optimizing corporate Information Security Management in the post-“Heartbleed” world
Authors:
Published in: Synthesis 2015 - International Scientific Conference of IT and Business-Related Research
Abstract:
An optimal business process is defined as a dynamic process that is able to adapt rapidly to a changing environment and maintain a satisfactory level of performance directed towards achieving a predefined set of objectives. Corporate information security management is a business process focused on managing risk that can have adverse effects on vital corporate information and related technology and processes. The rapid evolution of information and communication technology (ICT), and of the ways it is used to collect, analyze and disseminate information, carries many opportunities to improve the corporate value chain, but also carries uncertainty and new risks. Unexpected flaws were recently discovered in fundamental building blocks of ICT such as OpenSSL, challenging the methods used to manage corporate information security. In this paper, we review the information security management process, focusing on its risk management component, and suggest improvements in order to remain proactive. The suggested improvements cover methods for assessing and measuring risk in the areas of ICT that were hit by unexpected vulnerabilities, such as business application development and integration, establishing corporate information security incident response teams, and developing a framework for exchanging information security threat intelligence.
Keywords: risk management, incident management, vulnerability management, information security risk intelligence.
Citation:
BibTeX format
@article{article,
  author = {V. Polić},
  title = {Optimizing corporate Information Security Management in the post-“Heartbleed” world},
  journal = {Synthesis 2015 - International Scientific Conference of IT and Business-Related Research},
  year = 2015,
  doi = {10.15308/Synthesis-2015-85-89}
}
RefWorks Tagged format
RT Conference Proceedings
A1 Viktor Polić
T1 Optimizing corporate Information Security Management in the post-“Heartbleed” world
AD International Scientific Conference Sinteza, Beograd, Srbija
YR 2015
NO doi: 10.15308/Synthesis-2015-85-89
Pre-formatted citation
V. Polić, Optimizing corporate Information Security Management in the post-“Heartbleed” world, International Scientific Conference Sinteza, 2015, doi:10.15308/Synthesis-2015-85-89