Abstract
Information is indispensable in any organization, and its security must be properly guaranteed. At present, information security in an organization includes not only confidentiality but also integrity and availability, and means a balance between them. Establishing an information security policy is effective as a means for that purpose, but it is considered to be a high hurdle for organizations such as SMEs, which have neither personnel nor financial leeway, to tackle it. We thought that a system to help establish information security policies was necessary, so we proposed a framework and tried to implement it in application programs. At present, the creation process of the basic policy by presenting the template and the creation of the organizational profile are implemented. In this paper, we propose a method to reflect the characteristics obtained from the organization profile not only in the basic policy but also in the following countermeasure standards and implement it in the application program. Keywords: security policy, information asset, ontology, generation system, SMEs
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
