Abstract

Information System Security is characterized by an organized framework of meanings, perceptions, concepts, policies, procedures, techniques and measures that are required to protect the individual resources (assets) of the Information System, as well as the system as a whole, from every intentional or accidental threat. Effective security management of an Information System first requires a complete study based on the methodology of Information System Risk Analysis and Management, which follows three main stages according to the International Organization for Standardization: (a) identification and valuation of assets, (b) Risk Analysis, which includes the threat assessment and the vulnerability assessment of the Information System, and (c) Risk Management, which includes the selection of countermeasures, the determination of the security policy, and the preparation, implementation and observation of the security plan. The purpose of this paper is to propose effective guidelines that have to apply to all organisations (“participants”) in the new information society, and to suggest the need for greater awareness and understanding of security issues and the need to develop a “security policy”.

Index Terms

Information Security, Information Security Management, Risk Assessment, Risk Management
