Optimizing corporate Information Security Management in the post-“Heartbleed” world

Authors: Viktor Polić

Publication: Synthesis 2015 - International Scientific Conference of IT and Business-Related Research

DOI: 10.15308/Synthesis-2015-85-89

Link: https://doi.org/10.15308/Synthesis-2015-85-89

Abstract:
An optimal business process is defined as a dynamic process that is able to adapt rapidly to the changing environment and maintain a satisfactory level of performance directed towards achieving the predefined set of objectives. Corporate information security management is a business process focused on managing risk that can have adverse effects on vital corporate information and related technology and processes. The rapid evolution of information and communication technology (ICT) and of the ways it is used to collect, analyze and disseminate information carries many opportunities to improve the corporate value chain, but also carries uncertainty and new risks. Unexpected flaws were recently discovered in fundamental building blocks of ICT such as OpenSSL, challenging the methods used to manage corporate information security. In this paper, we will review the information security management process, focusing on its risk management component, and suggest improvements in order to remain proactive. Suggested improvements will cover methods for assessing and measuring risk in the areas of ICT that were hit by unexpected vulnerabilities such as business application development and integration, establishing corporate information security incident response teams, and developing a framework for exchanging information security threat intelligence.
Keywords: risk management, incident management, vulnerability management, information security risk intelligence.

Download citation:

BibTeX format
@article{article,
  author  = {V. Polić}, 
  title   = {Optimizing corporate Information Security Management in the post-“Heartbleed” world},
  journal = {Synthesis 2015 - International Scientific Conference of IT and Business-Related Research},
  year    = 2015,
  doi     = {10.15308/Synthesis-2015-85-89}
}
RefWorks Tagged format
RT Conference Proceedings
A1 Viktor Polić
T1 Optimizing corporate Information Security Management in the post-“Heartbleed” world
AD International Scientific Conference Sinteza, Beograd, Srbija
YR 2015
NO doi: 10.15308/Synthesis-2015-85-89
Preformatted citation
V. Polić, Optimizing corporate Information Security Management in the post-“Heartbleed” world, International Scientific Conference Sinteza, 2015, doi:10.15308/Synthesis-2015-85-89