Security Assessment

Analysis of the Next Evolution of Security Audit Criteria

Abstract:

Security assessments are performed for multiple reasons, including compliance with the information security regulation. Amongst other objectives, regulatory requirements are created to increase the resilience of national infrastructure and protect against information and cybersecurity threats. When the regulatory requirements are revised, the security audit criteria also need to be updated and validated. This was also the case with the Julkri, criteria developed for the conformance assessments of the renewed Finnish information security regulation. In this article, a comparative evaluation based on Design Science Research is performed to determine whether the new Julkri criteria improve existing criteria and control catalogues.

Does Traditional Security Risk Assessment have a Future in Information Security?

ABSTRACT

The current information security standards still advocate the use of risk assessment in the prioritisation of security investments. However, prior research on the use of risk assessment methodologies in organisational security has shown that the use of the traditional monolithic risk assessment process described in the current risk management standard is simply not practical at the organisational level. This paper first examines the problems in performing a systematic risk assessment and then discusses the limitations of a traditional risk assessment. To address these limitations, this paper proposes splitting up the current monolithic risk assessment process. The result is an information security assessment framework that puts greater emphasis on situational awareness and allows for better decision making on the prioritization of security investments.

Journal of Information Warfare

The definitive publication for the best and latest research and analysis on information warfare, information operations, and cyber crime. Available in traditional hard copy or online.

Keywords

A

AI
APT

C

C2
C2S
CDX
CIA
CIP
CPS

D

DNS
DoD
DoS

I

IA
ICS

M

S

SOA

X

XRY

Quill Logo

The definitive publication for the best and latest research and analysis on information warfare, information operations, and cyber crime. Available in traditional hard copy or online.

SUBSCRIBE NOW

Get in touch

Registered Agent and Mailing Address

  • Journal of Information Warfare
  •  ArmisteadTEC
  • Dr Leigh Armistead, President
  • 1624 Wakefield Drive
  • Virginia Beach, VA 23455

 757.510.4574

 JIW@ArmisteadTec.com