Abstract
The widespread adoption of information and communication technology has promoted an increase dependency of organisations from the performance of their information systems. As a result, adequate security procedures to properly manage information security must be established by the organisations, in order to protect their valued or critical resources from accidental or intentional attacks, and ensure their normal activity. A conceptual security framework to manage and audit information system security is proposed and discussed. The proposed framework intends to assist organisations firstly, to understand what assets precisely need to be protect and what are their weaknesses (vulnerabilities), enabling to perform an adequate security management. Secondly, enabling a simple security auditing process to support the organisation to assess the efficiency of the controls and policy adopted to prevent or mitigate attacks, threats and vulnerabilities, promoted by the advances of new technologies and new internet-enabled services. The presented framework is based on a conceptual model approach, comprising the semantic description of the concepts defined in information security domain, based on the ISO/IEC_JCT1 standards.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callMore From: International Journal of Electronic Security and Digital Forensics
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
