Collaborative risk method for information security management practices: A case context within Turkey |
| |
| Authors: | Sevgi Ozkan Bilge Karabacak |
| |
| Institution: | 1. Informatics Institute, Middle East Technical University, Ankara, Turkey;2. Scientific and Technological Research Council of Turkey, Ankara, Turkey |
| |
| Abstract: | In this case study, a collaborative risk method for information security management has been analyzed considering the common problems encountered during the implementation of ISO standards in eight Turkish public organizations. This proposed risk method has been applied within different public organizations and it has been demonstrated to be effective and problem-free. The fundamental issue is that there is no legislation that regulates the information security liabilities of the public organizations in Turkey. The findings and lessons learned presented in this case provide useful insights for practitioners when implementing information security management projects in other international public sector organizations. |
| |
| Keywords: | ISO/IEC 27001:2005 ISO/IEC 27002:2005 Information security Risk analysis Flow chart Case process approach Information security governance |
| 本文献已被 ScienceDirect 等数据库收录! |
